you will have to use extended accesslists to achieve this task. The following is an example only..
access-list 100 deny tcp any any eq telnet access-list 100 deny icmp any any you can replace the first any with source ip address'es and the second any with destination ip address'es and allow some PC's to telnet/ping some, but not others. To get a detailed explanation of access lists, search the cisco website or refer to any CCNA book. Nick S. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29997&t=29994 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]