
Cisco router : Blocking HTTP/HTTPS port on specific clients

chaube97
Level 1

My router is a Cisco 2911 and there are some PCs that I wish to be completely shut off from accessing any website.

Is it possible to block traffic for HTTP/HTTPS ports on specific clients (specific MAC addresses)?

PS. I attempted to do this on my firewall, but the limitations of my network infrastructure made it impossible.

Thank you

5 Replies

ip access-list standard 10
 permit host x.x.x.x 
 deny any
ip http access-class 10

Richard Burts
Hall of Fame

We do not know much about your environment and that makes it difficult to give good advice. In general we can say that blocking certain clients from websites requires layer 3 logic. So blocking by MAC address won't work. If these clients have static IP addresses you could use an extended access list to block web site access. But if they learn addresses dynamically, an extended ACL is not an option. Could you create a new VLAN/new subnet and put these clients into the new subnet? If so you can configure an ACL on that router interface to block web sites.

HTH

Rick
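
The two options in the reply above (an extended ACL for clients with static addresses, or a dedicated VLAN/subnet with an ACL on its router interface), written out as an added example that is not part of the original thread. The host addresses, subnet, VLAN ID, ACL names and interface names are all assumptions chosen for illustration.

```cisco
! Constructed example: every address, name and interface below is an assumption.
!
! Option 1: restricted PCs have static addresses (192.168.1.50 and .51 are samples)
ip access-list extended BLOCK-WEB-HOSTS
 remark Drop HTTP/HTTPS from the restricted PCs
 deny   tcp host 192.168.1.50 any eq www
 deny   tcp host 192.168.1.50 any eq 443
 deny   tcp host 192.168.1.51 any eq www
 deny   tcp host 192.168.1.51 any eq 443
 remark Without an explicit permit, the implicit deny would drop all other traffic
 permit ip any any
!
interface GigabitEthernet0/0
 description LAN side, where client traffic enters the router
 ip access-group BLOCK-WEB-HOSTS in
!
! Option 2: restricted PCs moved into their own VLAN/subnet (VLAN 50, 192.168.50.0/24)
ip access-list extended BLOCK-WEB-VLAN50
 remark Match the whole subnet, so DHCP-assigned clients are covered too
 deny   tcp 192.168.50.0 0.0.0.255 any eq www
 deny   tcp 192.168.50.0 0.0.0.255 any eq 443
 permit ip any any
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
 ip access-group BLOCK-WEB-VLAN50 in
```

`show access-lists BLOCK-WEB-HOSTS` displays per-entry match counters, which confirms whether the deny lines are being hit. The ACL filters only traffic routed through the interface it is applied to and only TCP 80/443; HTTP/3 (QUIC) runs over UDP 443 and would need its own deny entries.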

Hello,

You want to block (anything) as close to the source as possible. If you have Windows clients, you can configure an outbound rule in Windows Defender that blocks port 80 and port 443, effectively prohibiting access to the Internet for these clients...

The link below shows how to block a program, simply select 'Port' and block 80 and 443...

https://wethegeek.com/block-internet-access-for-a-program-in-windows-10/

Hello


@chaube97 wrote:

My router is a Cisco 2911 and there are some PCs that I wish to be completely shut off from accessing any website.


You have numerous options; however, this can depend on your topology, so can you elaborate a little please?

  • Do you mean to deny access to both intranet & internet web access?
  • Are you performing any Network Translation?
  • You mention a FW; where is this within your network pertaining to your hosts?
  • Can you post a simple topology diagram?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Leo Laohoo
Hall of Fame

Can you please elaborate further? Why MAC address only?
Are you trying to block certain users from accessing the internet? If this is the objective then blocking MAC addresses is of no use because a user can move to different machines.
If the objective of this exercise is to block certain users from accessing the internet then this can easily be done with MS AD.