RE: Need to take away internet access for a user..

Wed, 01 Oct 2008 12:04:30 -0700 

Awesome....thanks..

 

________________________________

From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 01, 2008 3:04 PM
To: NT System Admin Issues
Subject: RE: Need to take away internet access for a user..

 

Couple options....

 

1.                Find out what port s/he is plugged into on the 3560.
Being a Layer 3 switch, you can apply a Layer 3 ACL directly to the port
they live on (see below).

Switch(config)# access-list 101 deny tcp any any eq 80

Switch(config)# access-list 101 permit ip any any

Switch(config)# interface fastEthernet0/1

Switch(config-if)# ip access-group 101 in

 

2.                Deny them on the PIX (see below).

PIX(config)# access-list INSIDE_ACCESS_OUT deny tcp host 1.1.1.1 any eq
80

PIX(config)# access-list INSIDE_ACCESS_OUT permit ip any any

PIX(config)# access-group INSIDE_ACCESS_OUT in interface <name of
interface>

 

 

HTH,

Aaron Rohyans 
IT Coordinator, IDC-USA 
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>  
317.244.8307 (V) 
317.244.4600 (F) 

________________________________

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 01, 2008 2:54 PM
To: NT System Admin Issues
Subject: RE: Need to take away internet access for a user..

 

However, this sounds like a management issue, not an IT issue.
Unfortunately, you'll find yourself stuck in the middle... again.

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_____  

 

From: Chyka, Robert [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 01, 2008 2:49 PM
To: NT System Admin Issues
Subject: Need to take away internet access for a user..

 

We have a windows 2003 domain and a Cisco infrastructure at a small site
(Pix 515, Cisco 3560s).  what is the easiest way to take away internet
access for a workstation?    Is there anything I can do at the pix.
Ie.block port 80 traffic for a certain ip etc.?

 

The user is savvy....at first I added a fake proxy setting in IE, but
they found it.  Management doesn't want to tell them straight out
yet....

 

 

Thanks for any help..

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to