Adding external software filter to Cisco router

Brian Taylor · ‎09-18-2011

Hi,

The client has a Cisco 1841 as their main ADSL router where one port supplies a number of subnets.

I'd like to add a software content web filter to the network to supply one department and was wondering what, in principle, I should do. The software web filter is just a like a hub with a single input port and a single output port.

My initial thoughts were:

1. Create a new subnet on the other 1841 network port, connect the web filter to that port and all the department users can use all the other web filter port as their gateway,

2. Same as option 1 but do not bother with the new subnet, just use the existing main subnet. (Obviously I don't care too much if cleaver users find ways around the filter.)

For option 1 I assume I would need to:

access-list nn permit 192.168.2.0 0.0.0.255

For option 2 I'm not quite sure what to do to allow the 1841 to route traffic through the currently closed port, and, how to set up a distinct IP address on the same subnet as the router says that the ip address "overlaps with FastEthernet0/1".

Any thoughts?

Brian

lgijssel · ‎09-18-2011

The best solution would be to put the webfilter in-line with the existing router interface.

If possible, you can assign the ip address of the router to the webfilter so you do not need to adjust the default gateway on the client PC's. Of course this implies choosing a different ip for the router and setting the appropriate default route on the webfilter. Depending on the type of application (L2/L3), the new ip for the router can be in the same subnet or in a new one.

regards,

Leo

Brian Taylor · ‎09-19-2011

Thanks very much Leo - just what I needed, I'll give it a go...

Brian