• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 13365
  • Last Modified:

Filter MAC address on Cisco router

Hi there,

Im trying to filter incoming traffic on my Cisco 2600 router by Mac-address. there are 5 devices on one side of the router, and i want to make sure they are the only devices that can get trough (on layer 2). Is there a way to check this trough my router?

grtz
0
Todos
Asked:
Todos
1 Solution
 
TodosAuthor Commented:
Paulbobby,

This example shows configuration for a lex interface, however, i need the filter on an ethernet interface.
Any ideas?

grtz
0
 
lrmooreCommented:
G'day, Todos
Your router is a layer 3 device and is not really designed to block MAC addresses, but rather IP addresses, unless you are doing something fancy like MLS (multi-layer switching). You can use the IP addresses as a filter, or you can use the MAC address filters of a switch, if you have one that is capable.


Cheers!
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
nouelletteCommented:
To limit the scope and access of users on segments attached to the Catalyst 2600, select MAC Filter & Port Security from the Configuration Menu.

To restrict certain users from communicating with other users or resources (such as printers or servers), select Configure Filters on the MAC Filter & Port Security panel. The Configure Filters panel (Figure 6-3) is displayed.


Check the Cisco website...they had TONS of docs that reference this for your 2600.

0
 
lrmooreCommented:
nouellette,
Please notice that a 2600 router (as stated in the question) is NOT a Catalyst switch. The Catalyst would be a 2900, vs 2600 model number.
0
 
TodosAuthor Commented:
Lrmoore,

I tought the 2600 series routers had an option called bridging wich would give access to layer 2 options...are you familiar with that option?

thnx
0
 
lrmooreCommented:
Yes you can bridge across multiple interfaces, but it is not recommended across a WAN port. What interfaces did you want to bridge across? There are several different options.
0
 
TodosAuthor Commented:
i was just wondering if activating bridging would give options to filter on mac-addresses...
0
 
lrmooreCommented:
Nouellette, I must apologize, there was at one time a 2600 series Catalyst switch line. Sorry.

Todos,
Here is a good primer on using bridging and VLANs:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a008008019c.html

I think you can have the option in this case to assign mac-address filters.

If you have a pure TCP/IP network, I can't help but think that there is a better way to accomplish your goal. Are you using DHCP? You can always reserve ip's based on MAC and nobody else gets an IP address.
0
 
TodosAuthor Commented:
Thanks for your help Lrmoore and Paulbobby.

I think i will try to solve t by installing a switch between the hub and my router wich can block at layer 2.

grtz
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now