Block Outbound HTTP except from Proxy

Here is my current setup:

I have several faculty machines that use the router as their gateway to the internet. The IP is given to these machines via DHCP.

All of my student machines use this gateway, also, but web browsing is forced to go through my proxy server via AD Group Policy.

This works fine.

What I need to do now is force all rogue laptop users (those not part of my domain) to use the proxy server also. Right now when they plug in they get the gateway address and out they go.

What I'm hoping to do is the following:

Assign a second IP address to my router (on a subinterface?).

Rogue machines get this IP as the default gateway (done via DHCP scopes).

Tell the router that outbound 80, 21, 443 traffic on this subinterface must come from the IP addy of the proxy server.

Public users will be told that they must configure their browsers' proxy settings to point to the proxy server.

In my mind, this scenario would work well, but I'm not sure how to config the router. I understand that I can give g0/0 a secondary IP address, but I seem to only be able to apply ACLs to the interface itself - thus leading me to believe I need to create a subinterface and assign it another IP.

I actually tried this:

router# config t
router(config)# int g0/0
router(config-if)# int g0/0.1
router(config-subif)# ip address 192.168.254.154 255.255.0.0

% Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN.

Clearly I'm barking up the wrong tree here, or perhaps I'm just missing some steps. Will my idea even work? Will I be able to apply outbound ACLs to just this one subinterface?

My router is doing pretty much nothing else but routing between my core switch stack and my ISP's router via g0/1.

Thanks for any advice

jkrainak
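
An added example, not part of the original post: a sketch in Cisco IOS of the subinterface approach described above. The error quoted in the post appears because a LAN subinterface needs an `encapsulation dot1Q` line before it will accept an IP address. The VLAN ID 20, the 10.20.0.0/24 guest subnet, the proxy address 192.168.0.10 with listener port 8080, and the ACL name are all assumptions, as is an 802.1Q trunk on the switch port facing g0/0 with guest access ports placed in that VLAN.

```cisco
! Added example; every address, VLAN ID, port and name below is constructed.
!
! ACL evaluated on traffic arriving from guest machines.
ip access-list extended GUEST-WEB-VIA-PROXY
 remark Guests may reach the proxy listener (assumed 192.168.0.10:8080)
 permit tcp 10.20.0.0 0.0.0.255 host 192.168.0.10 eq 8080
 remark Direct HTTP, HTTPS and FTP from the guest VLAN is dropped
 deny   tcp any any eq www
 deny   tcp any any eq 443
 deny   tcp any any eq ftp
 remark Everything else (DHCP, DNS, ...) is left as it was
 permit ip any any
!
! Guest gateway lives on its own VLAN and its own, non-overlapping subnet.
interface GigabitEthernet0/0.20
 description Guest / non-domain machines
 ! The VLAN tag must be configured before the IP address is accepted.
 encapsulation dot1Q 20
 ip address 10.20.0.1 255.255.255.0
 ! "in" = packets entering the router from the guest VLAN,
 ! i.e. the guests' outbound traffic.
 ip access-group GUEST-WEB-VIA-PROXY in
```

The ACL is applied inbound on the subinterface because the guests' internet-bound packets enter the router there; `show access-lists GUEST-WEB-VIA-PROXY` shows per-entry match counters, which confirms whether direct web attempts are hitting the deny lines.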