Blocking neighbor from using my cisco router (Q for cisco folks)

PageMap
11-20-2002, 02:05 AM
Hello,
The guy across the hall has a 100Mbps line directly to my switch so we can transfer files faster. Anyways, I have caught him using my bandwidth on a couple occasions so I enforced some measures to keep him from doing it again.

1. I created a /29, which allows a maximum of six hosts per network. (Mask 255.255.255.248)

2. Made three static routes to null0, I use .1, .2, and .3 for my router and two computers. The other three I don't want to access the internet at all. The routes are:

ip route 192.168.1.4 255.255.255.255 Null0
ip route 192.168.1.5 255.255.255.255 Null0
ip route 192.168.1.6 255.255.255.255 Null0

I know this won't block outbound traffic, but it will block return traffic, effectively disabling WAN traffic on those IPs. I know I could have created an ACL, but I didn't want to incur the cpu hit that comes with them.

My question is this; is there a better way of blocking WAN traffic rather than putting up an ACL or my static route method? Thanks.

Data
11-20-2002, 10:38 AM
Say wha? :eek:

iNVAR
11-20-2002, 02:17 PM
paging mr. candyman....

PowdaHound
11-20-2002, 02:43 PM
Get 56k. Problem solved! :bigthumb:

Zwitterion
11-21-2002, 09:04 AM
Put his connection on a separate switch, and put another nic in your computer. Make sure ICS isn't turned on.

Merlock
11-22-2002, 01:53 PM
The static routing method is the easiest way if your router doesn't support station-based service blocking.

My netgear, I could just literally turn off all WAN traffic to a given IP... makes life easy ;)

CandyMan
11-22-2002, 07:42 PM
That's only going to work if you don't care if he starts forcing data out the network ala kazaa or dc.

If he starts the sessions, incoming will work no matter what using a static map. Outbound always allows inbound via static.

An ACL would be the best way unless you want to do something along the lines of QoS (if your router supports it), and the cpu hit you'll take will be nonexistent on such a small ACL.

We've had switches running 2000+ lines of hosts within an ACL and it had no performance hit on them at all.

PageMap
11-23-2002, 03:01 AM
The router is a low end 806 though, and when I first received the router, I put about 15 ACLs in there as well as packet inspection and during large transfers the cpu would go over 60%. Also, I found enabling packet inspection slowed down transfers by about 2/3. After minimizing ACLs, and turning off packet inspection I can regularly achieve almost the full 10Mbps at times.

My current ACLs are:
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any

fatalerror
11-23-2002, 10:35 AM
Unplug his connection. Do you really share that many files?

PageMap
11-24-2002, 08:42 PM
I have done that before. Although, he has a few mp3s that I like to listen to that are located on his computer. I don't want to copy them over to mine because I don't listen to the same music all the time.

PageMap
11-29-2002, 06:10 PM
I gave up and applied an access list to my lan interface.
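
One way the access list from the last post could look, next to the null routes from the first post. This is an added example, not configuration posted in the thread; the ACL number 103 and the LAN interface name Ethernet0 are assumptions.

```cisco
! --- Before (from the first post): /32 routes to Null0 --------------------
! These only discard packets the router would forward TO .4-.6. Packets
! FROM those hosts are still routed out the WAN link and still use upstream
! bandwidth.
!
!   ip route 192.168.1.4 255.255.255.255 Null0
!   ip route 192.168.1.5 255.255.255.255 Null0
!   ip route 192.168.1.6 255.255.255.255 Null0
!
! --- After: filter at the LAN interface, inbound ---------------------------
! 192.168.1.4 with wildcard 0.0.0.3 matches .4, .5, .6 and .7 (the /29
! broadcast address), so the three blocked hosts need one entry, not three.
access-list 103 deny   ip 192.168.1.4 0.0.0.3 any
! Permit only sources inside the /29 (192.168.1.0 - 192.168.1.7). Any other
! source address arriving on the LAN falls through to the implicit deny.
access-list 103 permit ip 192.168.1.0 0.0.0.7 any
!
! Assumption: Ethernet0 is the LAN-facing interface.
interface Ethernet0
 ip access-group 103 in
!
! The null routes are redundant once the ACL is in place and can be removed.
no ip route 192.168.1.4 255.255.255.255 Null0
no ip route 192.168.1.5 255.255.255.255 Null0
no ip route 192.168.1.6 255.255.255.255 Null0
!
! Verify from exec mode: the per-entry match counters show whether the deny
! line is being hit.
!   show access-lists 103
!   show ip interface Ethernet0
```

Traffic between hosts on the same switch never reaches the router, so file sharing across the hall is unaffected by this list. The match is on source IP only, so it is only as strong as the address assignment on the switch.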