Answer the question
In order to leave comments, you need to log in
It is necessary to divide computers into 2 groups: 1) only LAN is available 2) there is both Internet and LAN. How?
What is the best way? All computers with Windows (XP or 7).
Now it's done like this - on computers where you need access to both LAN and the Internet, there are TWO network cards.
For the local address 192.168.0.*, for the Internet - 192.168.1.*. I would like to get by with one.
Answer the question
In order to leave comments, you need to log in
I join Alexey POS_troi - the easiest way is to filter at the exit to the Internet.
Further depends on the implementation of access to the Internet - or white (black) lists of MAC addresses on the router, or authorization on the proxy by user.
To say something else, details are needed.
The simplest way (without making changes to the logical scheme of the network) is a firewall at the output with filtering unwanted traffic.
Do we limit access to the Internet by computers or by users?
although in any case, I would advise you to pay close attention to the latest invention - the proxy server.
now discarding the sarcasm. Proxy - can let / not let in the Internet both on the basis of the ip of the computer, and on the basis of the username. plus - all sorts of goodies such as usage statistics, anti-virus traffic control, blocking all sorts of banners / social networks / videos, etc.
Yes, everything was written correctly already above, the firewall distinguishes access to the Internet port by ip, and rightly everyone suggested a way through DHCP.
I'll tell you about the equipment, the easiest and cheapest way to buy a MICROTIC router (although I'm afraid to call it that) and prescribe everything in the settings there.
https://market.yandex.ru/product/12358922?hid=723087 - this model is suitable for up to 20 users (who has Internet access)
https://market.yandex.ru/product/9263634?hid=723087 And this if over 30.
Ask questions.
We quickly and easily set up one network card for everyone and on it the network 192.168.1.*/24, for everyone who needs an Internet, we prescribe a gateway and dns, the rest do not, profit! If people don’t fumble in computers, then we use all the rules, and if fumbles, then we don’t set the gateway, but we prescribe it with our hands "route add 0.0.0.0 mask 0.0.0.0 ....."
Create 2 vlans, respectively 2 subnets, for example 192.168.1.0/25 and 192.168.1.128/25. On the grid, to whom only the locale is available, hang ACL permit ip 192.168.1.0 0.0.0.127 192.168.1.128 0.0.0.127.
quick and dirty :
The first group has routes to local networks only, the second group has routes to everything.
In the absence of admin rights, they will not be able to correct the routing table on their own.
You can implement it both manually (if there are 2-3 computers) or via DHCP (reservation of addresses and prescribing the appropriate settings in the reservation will be required).
PS I have two such computers (the first group) - it was easier for me to do this =)
Alternatively (and more correctly) - configure network equipment.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question