Hi. I'm about to buy the 2860n, but have a question about controlling users web access please. I have the manual, and can understand most of it but want to ask a specific. First, a description of the setup; I have a Server 2008 network with 20 PCs, DHCP handled by the server. As usual DHCP is more or less handing out the same IP nos. to each PC each time the lease expires. I have a separate switch.

So I'll be using the 2860n pretty much as I use the awful BT 2700 or Business Hub 3 they sent me (which went straight towards the bin). I have the 2700 with two sets of users (controlled by IP number), wither totally free to browse, or the other groups controlled by a blacklist, or a whitelist. By the way, wireless isn't an issue here.

My question is, without subscribing to the Draytek web control service, I want to allow unrestricted access to the web to some IP numbers, and a whitelist (i.e. only allow access to around 10 websites) to the rest. I get the impression I can do this, looking at the superb controls available. the users I want to restrict already logon the the server 2008 network of course, but it can be multiple users on a PC through the day, so I would rather not bring in whitelist restriction by user, rather do IP address or mac ID if I have to. Just want to know which of the many routes available for this (in the manual) would be best for me.

Many thanks.

If multiple users logon to PCs then how is blocking by IP going to help?

Lorian wrote: If multiple users logon to PCs then how is blocking by IP going to help?

Thanks for your reply. All the users who logon to that PC will be restricted, that's fine. I'm replacing a BT 2700 router (awful) but at least it does have this facility. Other PCs are left unrestricted, which is what I want. So there are two levels (in the BT 2700 you can have 3 levels actually, level 1, level 2, and unrestricted).

So make sure the pc you want get fixed ip addresses and make them in a small continuous range. Then you can create a firewall rule that applies just to this range of addresses. it doesn't have to be based on a subnet.

Lorian wrote: So make sure the pc you want get fixed ip addresses and make them in a small continuous range. Then you can create a firewall rule that applies just to this range of addresses. it doesn't have to be based on a subnet.

Thanks. The server gives a DHCP address, but it never changes so that is OK - that is how I do it now with the BT's "allow/disallow content/url list", but using a menu. Could a firewall rule be a load of websites? In effect whitelist for those IPs and all other sites blocked? And all other IPs not mentioned in the rule would be unrestricted.

Yup.

You create a blacklist with a number of websites in it.
Then you create one firewall (data) rule to block everything on the list for your list of restricted PCs.

As the list only applied to the restricted PCs then it is not applied on other machines.