Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsJob BoardISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Equipment Support » Hardware By Brand » Cisco » [HELP] Internet restriction in LAN
Search Topic:
Uniqs:
187		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Submit a new forum topic ·Forum FAQ ·Submit a FAQ ·Docs Guidelines and Advisories ·EOS/EOL thread
Is it national hack a router day? »
« [Config] What am I over looking in this 1605?  
AuthorAll Replies


aimal



[HELP] Internet restriction in LAN

hi,

i want to configure my LAN so that only those PCs which are registered in Domain and are logged through Domain can access the internet and LAN resources, the rest of the users which are logged to their PC as local user should not be able even to get IP from DHCP and use static IP given manually to their PC for accessing any thing on the LAN.
to forum · permalink · 2008-07-29 05:55:32 · Reply to this

aryoba
Premium,MVM
join:2002-08-22

 Are you referring to MS Active Directory Domain? If yes, then the management setup you are looking for should be centralized on the Domain Controller. In addition, you may need external authentication server such as RADIUS to restrict which destination IP addresses certain users can or cannot access.
to forum · permalink · · 2008-07-29 08:46:07 · Reply to this

Euphrates

join:2007-04-30
Bellingham, WA

reply to aimal
Well, I believe you could configure Active Directory to issue only a certain block of ip ranges to Active Directory computers and then have the DHCP Server (probably running on the DC) issue out another range of ip addresses to "other" computers not a part of Active Directory. Once done, then the configuration on the router is a simple access list denying internet access to the non-Active Directory range of ip addresses.

This is a quick and dirty solution, but should work. However, because it isn't relying on Active Directory on the router side, it can be bypassed.
to forum · permalink · · 2008-07-29 14:26:48 · Reply to this


joecool42069

@rr.com		reply to aimal
802.1x(wired or wireless), dynamic vlans with VMPS, Cisco NAC... to name a few, though 802.1x sounds like it fits your scenario best.
to forum · permalink · 2008-07-29 23:17:17 · Reply to this
-
Forums » Equipment Support » Hardware By Brand » CiscoIs it national hack a router day? »
« [Config] What am I over looking in this 1605?  

Wednesday, 03-Dec 21:58:27 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 9 years online! © 1999-2008 dslreports.com.
page compression OFF
Most commented news this week
· [120] AT&T Metered Billing Trial Hits Second Market
· [95] UDP BitTorrent Will Destroy The Interwebs!
· [87] EFF Challenges Telecom Immunity
· [86] Exclusive Screens Of Comcast's New Bandwidth Meter
· [61] Comcast Tries To Slow Verizon's Philly Entry
· [58] Apple: Who Believes Our Ads Anyway?
· [57] Comcast To Offer Bandwidth Use Tracker In January
· [52] T-Mobile Invisible Caps Return
· [48] App Simplifies Free AT&T iPhone Wi-Fi
· [45] Verizon Tops Consumer Reports Wireless Satisfaction Ratings
Most people now reading
· Coalition Government Possible? [TekSavvy]
· Whats wrong here? [Automotive]
· Digital Transport Adapter Unboxing Photos [Comcast Cable TV]
· [Rant] Beeping at BestBuy [Rants, Raves, & Praise]
· [Rant] People bitching about Best Buy [Rants, Raves, & Praise]
· Maggots on the kitchen ceiling So Gross. Need Help!! [Home Repair & Improvement]
· Notice, new uTorrent Alpha may be able to evade throttling [TekSavvy]
· WoTLK Heriocs [World of Warcraft]