D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-601 => Topic started by: PatchesOfPlenox on June 02, 2012, 05:56:15 PM

Title: Access Control "wildcard" or "Everyone else" policy.
Post by: PatchesOfPlenox on June 02, 2012, 05:56:15 PM
First post, hrmph.

Just got one, decided to switch out my old one for this one, as I've had it layin' about.
Was excited that I could move on from using OpenDNS with the Website Filter.
I thought.

Currently, if I set up a policy in access control, I can only block things specifically. Example:

Computer A is set up with a policy to deny Facebook.

This works. I can do this. This is not what I want. I would much prefer to deny it to "everyone except me" or just "everyone".

I don't always know the MAC, nor do I want to have to add them to the policy manually. I would rather it be the DEFAULT policy to deny access to websites based on my Website Filter, and then make policies to ALLOW them through. I will settle for just "No one is allowed here".

I don't want to close off the network, it's open for a reason. I just don't trust all my users, some of them are children.


In shorter terms: How do I make a policy affect everyone on a network? "Other Machines" in the policy bit does not seem to do that.
Title: Re: Access Control "wildcard" or "Everyone else" policy.
Post by: FurryNutz on June 04, 2012, 07:33:53 AM
Have you tried to set up separate access policies for say 2 groups of people, one for trusted people and one for blocking those you don't? You'll need to identify MAC addresses and set up reserved IP addresses to do this.
Title: Re: Access Control "wildcard" or "Everyone else" policy.
Post by: PatchesOfPlenox on June 04, 2012, 09:34:53 AM
I've thought about it, but once again it would require me to manually enter all of their MAC addresses or reserve them an IP. Not all of the kids are here all the time, sometimes they bring friends, etc.

It would be a lot of hassle to see if anyone new is on my network, get their MAC, reserve them an IP, and then add a policy for every device they connect to a network.

A more general "No one goes here" policy would be much simpler, due to it being nearly automatic, without my constant babysitting.
Title: Re: Access Control "wildcard" or "Everyone else" policy.
Post by: FurryNutz on June 04, 2012, 09:46:10 AM
Even with your known constant users on your network, reserving and using MAC addresses is going to be needed and is recommended if you're going to be managing. One thing that's not too hard to use is the Network settings/Dynamic Clients list. It offers the ability to click on reserve, then it should be auto-filled in under Add Reservation, then you can just give it a name for ease of identification. It will fill in the IP and MAC addresses automatically. I believe you're going to have to make 2 policies for each group, one for those who you want to restrict from sites and possibly one for an open users group maybe. These routers have the ability to restrict and manage, however this may be somewhat beyond the scope of handling what you're asking for, or just a little setup time will be needed to get the process in place.

One other thing you could do is limit the number of IP addresses the router can automatically assign. Say you have a known set of constant users, limit the router's IP address pool from 200 to 10 or 20. I used to use the following addressing scheme: 192.168.0.1-.50 Subnet of 255.255.255.192. This might help you manage who comes and goes. The router won't automatically give out an IP address if there is not room.

You may want to consider having a router that does Guest Zone support and putting untrusted users on the Guest Zone and trusted and constant users on the private zone and set up a constant policy for those users. This would alleviate some of the management however would not restrict usage to sites.  :-\