You don't give much info. What addresses are you handing out via your pool? Where are you applying the acess-list?
When I had done something similiar long time ago, employees and faculty total access, customers limited. Set up two access-lists and access lists were applied to user via authentication on TACACs server. I think this is what you want to do. You can also use Radius, TACACs is free, only need a UNIX hac. Dave "J. Johnson" wrote: > > We have a Cisco 5300 Dial-up. We want to allow everyone to get to our > network when they dial in. We do not want everyone to get on the internet > when they dial-in. This is what my access list look like > > access-list 110 permit ip 165.5.0.0 0.0.255.255 any > access-list 110 deny ip any any > > Everyone can get to our network and get on the internet with the above list. > Can you see anything wrong? > > Thanks. > > Jill -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28947&t=28927 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]