I want to block Internet access specifically ports 80 and 443 for a specific IP address during specific hours.
I was also trying to test the ACL by adding additional deny statements - possibly this is causing the issue - don't know.
Here is the relevant parts of the config
interface Vlan1
ip address 10.1.2.254 255.255.255.0
ip access-group SchoolHours in
ip nat inside
ip virtual-reassembly in
ip access-list extended SchoolHours
deny tcp host 10.1.2.65 eq www any time-range schoolHours
deny tcp host 10.1.2.65 eq 443 any time-range schoolHours
deny tcp host 10.1.2.83 eq www any
deny tcp host 10.1.2.84 eq www any
deny tcp host 10.1.2.84 eq 443 any
deny tcp host 10.1.2.83 eq 443 any
permit ip any any
time-range schoolHours
periodic weekdays 8:00 to 15:30
My laptop has address 10.1.2.84 but I am still able to browse the internet
Do I need to set up inspection of tcp traffic before this will work ?
Any suggestion most welcomed
Thanks