[cisco-nas] Filtering users
Aaron Leonard
Aaron at cisco.com
Fri Aug 15 18:01:43 EDT 2003
> Hi all.
> Is it possible to filter traffic between 2 users dialed up to the same AS
> box?
> I can filter inbound/outbound easy..
> But just wondering if there is a way, just in case a user's infected pc trys
> to infect others in the same block.
> Since the ip's are in the same block, the traffic will just route between
> the users, never giving me a change to filter them. Correct?
> Steven
No, all your filters (access lists) will apply to dialup users.
Each dialup user is on his own interface. So if you have an
input access list on your group-async/virtual-template/dialer/
whatever, any packets denied by the access list will be dropped
when received from the dial link and will not be switched elsewhere.
Aaron
More information about the cisco-nas
mailing list