Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

access list

I dont want to have internet accces for my network, but there are some machines on which i need to have interner access only for windows auto updates and antivirus McAfee auto updates.

Can I limit this access through an access list on a router, if yes then how?

1 REPLY
Community Member

Re: access list

This can be done using an access list as you mentioned. For example lets say you only want to allow your Windows Server Update Server (WSUS) and your McAfee ePolicy Orchestrator server to access the Internet but not allow the rest of your host Internet access.

This acl example allows your 2 servers to access the Internet over port 80 and denies all other traffic access to the Internet over port 80.

access-list 101 permit tcp host (ip_addr_of_mcafee_server) any eq 80

access-list 101 permit tcp host (ip_addr_of_wsus_server) any eq 80

access-list 101 deny any any eq 80

Then apply this acl to the LAN interface inbound on your router

interface fastethernet 0/0

access-group 101 in

I hope this helps. Please rate helpful post.

126
Views
0
Helpful
1
Replies
CreatePlease to create content