I would like to assign blocks of IPs through DHCP to particular computers using their MAC addresses as reference. The reason, I want to assign restrictions for particular blocks only. For instance. I want my son's laptop, and pc, to stop accessing the internet after 11:00pm. I want his PS3, and PSP to stop accessing the internet during weekdays. I can set up a profile for each block. But... I do not want to assign the IP address at the device as I would like them to remain DHCP in case he needs to access a hotspot elsewhere or at a friends house. He's also savy enough to change the IPs to get around fixed IPs. Therefore tying the IP to his MAC address is required. This would be helpful for my print server also. Can the WRT54G do this?
1. It is not possible with a WRT54G, at least not with standard Linksys firmware. You may be able to install third party firmware like dd-wrt. See the wikipedia article on "WRT54G" for a start.
2. Even if you do this it won't stop your son from accessing the internet:
* he still can manually set a different IP address. Binding an MAC address to an IP address through the DHCP server does not mean that the MAC address is not able to use a different static IP address.
* he still can manually change the MAC address.
* he still is able to crack your router's password and temporarily change the settings.
* he still can use your neighbor's wireless access point unless it is WPA/WPA2 protected and with a strong passphrase
Just believe me: if you want to limit internet access of your kids with this router (or any other cheap SOHO router) you won't succeed. You have to unplug the router from power or from the modem. This is the only effective way to eliminate internet access from this router. Anything else won't work. But don't forget to teach all your neighbors how to secure their wireless routers with WPA/WPA2 PSK. And don't miss out those neighbors who think they can hide their unencrypted or WEP encrypted networks by disabling SSID broadcast. These, too, are quickly located.
If his login account on his laptop is a limited account and you are the adminstrator of his laptop, i.e. you determine what can be installed, permitted, etc. on his laptop he will only be able to do what you allow. With a solid Local Policy and NTFS permissions you can really lock down his laptop. We have PCs here at work that are for Public use but they are locked down so tight they can only be used for what we intended them to be used for. We've physically disabled the optical and floppy drives. We've disabled them in BIOS, we've set a BIOS password. These Public kiosks have not been compromised in the 5 or so years that we've made them available. You might want to look into Local and Group Policies using gpedit.msc and NTFS permissions.
I find kids with a lot of time and enough energy to obtain unlimited internet access will even crack a locked down PC if it has to be with some yet unpatched security exploits to get privilege elevation. It is definitely not easy and foolproof to lock down the machine with local policies and software restrictions policies but probably the only way to get it done if at all.
Plus, it won't help with the PS3 or the PSP...
I think it would be more effective and easier with a better router/switch which does allow 802.1x authentication of LAN access. But that won't solve the problem with the neighbor's router.