Solved: Restrict Internet access

A.K.M. Sayeed · ‎07-23-2011

I have many more cisco switches and routers in my office. My core switch is a cisco 3560 24 Port and Router is Cisco 2951. We have proxy servers for internet access. But now a days many users came to know the address and port no of proxy servers. Therefore they can manually set the proxy server and port in their desktop or laptop and hence use internet easily. I would like to restrict this internet access. But I am not sure how to do it. I would like to use a MAC based authentication for internet access. So in this case should I create acess list in my router that connects to internet or core switch that connect all my office network to the router.

If any one can help in this regard pls.

Jon Marshall · ‎07-23-2011

If they are still using the proxy then an acl won't help because all traffic will appear as the proxy server IP and mac-address.

To be honest there are better solutions than trying to do it with Cisco kit -

1) check your proxy server, you may be able to limit who can access

2) at the last place i worked they locked down the desktop so that a user could not change the proxy settings. This was done by enforcing group policy in Microsoft AD.

Jon

View solution in original post

Jon Marshall · ‎07-23-2011

If they are still using the proxy then an acl won't help because all traffic will appear as the proxy server IP and mac-address.

To be honest there are better solutions than trying to do it with Cisco kit -

1) check your proxy server, you may be able to limit who can access

2) at the last place i worked they locked down the desktop so that a user could not change the proxy settings. This was done by enforcing group policy in Microsoft AD.

Jon