Solved

network problem

Posted on 2007-03-18
9
269 Views
Last Modified: 2010-04-17
hi
our company have network with below specification (in link)
i have 17 VLAN in my network and 400 point for network and internet and i have DHCP server (windows 2003)
my problem is i do not need to made all user to enter to network i mean now the user connect the cable to socket and work without i know
can i made access list in pix firewall or in router to shutdown the some port in access switch (the port i do not need the user to use it to enter to network)
or must i shutdown the port in all switch from switch itself

and i have other question
how i can prevent the user who enter to data base from enter to internet

thanks
0
Comment
Question by:nasemabdullaa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 18743621
1. For the first step to be achieved, I would suggest you to shutdown all the unused ports on the access layer switches, or else you'll have to go for port security etc which would be a mess to manage.

2. Second question about database, I'm not clear on what is that you're looking for.

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 18743666
hi
thanks for your reply
>>> Second question about database, I'm not clear on what is that you're looking for
i have database server and its connect to the same network therfore all computer connect to it connecting to internet
i want to prevent user from enter to internet but can enter to my domain and database

and about first question is there any way to do that from router or pix

thanks
thanks
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 32

Expert Comment

by:rsivanandan
ID: 18743683
Naseem,

  I still don't understand, you don't want *a* particular user to access internet?

For the first question, there is no way to introduce it on the router or pix but port security is the only solution if you don't want to shutdown the ports.

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 18743693
hi
in my network there is database server and its connect to same network (many user use database to enter doc.) about 100 user this user must connect to server (database but not connect to internet)
and i have about 100 user must be able to enter to database server and to enternet

thanks
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18743714
Okay so you want to limit just one user, do this;

1. If possible, do not give him a DNS Server address, instead hardcode it.


2. Or, create a fake proxy address and configure it in his web browser, so that whenever he tries, it will die out.

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 18756623
hi
i want to block web site from pix

thanks
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 500 total points
ID: 18756772
If you want to do it in pix, then you'll have to do it step by step;

1. In your dhcp server add a reservation for this particular machine's mac address

(This is to make sure that he gets only this ip all the time).

2. Then on the pix, put in an outbound access-list which prevents his access like one below;

access-list Inside_Out deny ip host <His IP> any eq www
access-list Inside_Out permit ip any any

access-group Inside_Out in interface inside.

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 18762539
thanks
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question