Use IP filters to deny particular LAN IP addresses from accessing the Internet. You can deny specific port numbers or all ports for a specific IP address.
Use MAC filters to deny computers within the local area network from accessing the Internet. You can either manually add a MAC address or select the MAC address from the list of clients that are currently connected to the unit.
Additionally, you can create security policies on W2K server for that particular user ID to allow restrictive access to the network.
Setting up a VLAN for such a small home office network would be very expensive in terms of hardware and setup required. If you can let me know the exact requirement, I might be able to guide you better.
This was first published in March 2005