I have an ethernet segment that I would like to put some restrictions on, and after having played around with several solutions, I came to one that I believe is the best. Please do not reply with "why don't you use the firewall", or similar suggestions - because I am looking for a way to get this solution to work.
I have placed a Cisco 2514 on a segment so I can create access-lists to filter traffic. I want my segment to have the same IP addresses and be on the same network, so I have assigned the 2514 as a bridge where both ethernet interfaces have the same IP address, and are in the same bridge-group. IP routing has been disabled.

This all works fine, except that any access-lists I create on any of the two ethernet interfaces do not block anything at all - it's like access-lists are being ignored when the interfaces work in bridging mode.

Here's how it looks very simplified:

internet---router---firewall---2514---switch---users and servers

A part of the config:

no ip routing
!
interface Ethernet0
 ip address 10.25.14.1 255.0.0.0
 no ip directed-broadcast
 no ip route-cache
 no mop enabled
 bridge-group 1
!
interface Ethernet1
 ip address 10.25.14.1 255.0.0.0
 ip access-group 100 in
 no ip directed-broadcast
 no ip route-cache
 no mop enabled
 bridge-group 1
!
bridge 1 protocol dec
!
ip classless
!
access-list 100 deny ip any any
!

The e0 interface is connected to the firewall, the gateway router, and eventually the Internet. The e1 interface is connected to the switch connecting a workstation.

From that workstation I am browsing the web, but even with the "deny ip any any", I can keep browsing without being blocked.

Can someone explain this, and perhaps come up with a solution to fix this problem on this router?

Thanks in advance,

Ole

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.RouterChief.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24791&t=24791

