  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206

BLOCK A HOST FROM THE INSIDE

Hello,

Is there a way to block a host from the inside using only their MAC address on a PIX 501?

Thank You
0
vreyesii
2 Solutions
 
lrmoore Commented:
Only by IP address on PIX. By MAC on switches or on routers.
Does the switch that the PIX is connected to support ACLs? What kind of switch is it?
0
 
vreyesii (Author) Commented:
It is a 3500 XL Switch.
0
 
lrmoore Commented:
No ACLs supported on 3500XL.
Can you be more specific on what you are trying to do?
Do you have a misbehaving user that keeps changing their IP address?
0
 
vreyesii (Author) Commented:
I have a user who connects to the network using a wireless connection. They are assigned an IP address from a wireless DHCP router. I want to block this user from having access to the network. The DHCP addresses for the wireless users are changed every day by the DHCP server.

 
0
 
lrmoore Commented:
Try adjusting the lease time for DHCP on the router so that the IPs don't change every day.
Do these wireless users get an IP address on a different IP subnet than the users on the inside of the PIX? In other words, is this wireless router's WAN port or LAN port connected to your network? What kind of router is it? Are you trying to block this user from using the Internet through the PIX, or from accessing the LAN from the wireless net?
There's not a lot you can do with what you have.
0
 
vreyesii (Author) Commented:
The wireless users get an IP address from a different subnet than the inside of the PIX. However, the WAN port on the wireless router is on the same subnet as the inside of the PIX. Also, the wireless router is running NAT.
0
 
lrmoore Commented:
Then the wireless router is where you have to put the restrictions. All the PIX will ever see is the NATed IP address and the MAC address of the router.
0
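The point made in the reply above, modelled as an added example that is not part of the original thread: a MAC block list evaluated on the wireless side of the NAT router matches the client whatever DHCP lease it holds, while the same list evaluated at the PIX inside interface never matches. All MAC/IP values and function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed sample values (locally administered MACs, documentation IPs).
ROUTER_WAN_MAC = "02:00:00:00:00:01"   # wireless router port facing the PIX inside
ROUTER_WAN_IP = "192.0.2.10"           # address the router NATs clients behind
BLOCKED_MAC = "02:00:00:00:00:aa"      # wireless client to be blocked
BLOCKLIST = {BLOCKED_MAC}


@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    dst_ip: str


def nat_router_forward(frame):
    """Model the router hop: a routed hop builds a new Ethernet header, so the
    source MAC becomes the router's WAN interface, and NAT rewrites the
    source IP to the router's WAN address."""
    return replace(frame, src_mac=ROUTER_WAN_MAC, src_ip=ROUTER_WAN_IP)


def mac_filter_permits(frame, blocked):
    """Return True when the frame's source MAC is not on the block list."""
    return frame.src_mac.lower() not in blocked


def trace(client_mac, client_ip):
    """Return (permitted at router wireless side, permitted at PIX inside,
    frame as the PIX sees it) for one client packet."""
    on_wlan = Frame(client_mac, client_ip, "198.51.100.5")
    permitted_at_router = mac_filter_permits(on_wlan, BLOCKLIST)
    seen_by_pix = nat_router_forward(on_wlan)
    permitted_at_pix = mac_filter_permits(seen_by_pix, BLOCKLIST)
    return permitted_at_router, permitted_at_pix, seen_by_pix


if __name__ == "__main__":
    # Same blocked client on two different DHCP leases, plus another client.
    for mac, ip in [(BLOCKED_MAC, "10.0.0.23"),
                    (BLOCKED_MAC, "10.0.0.57"),
                    ("02:00:00:00:00:bb", "10.0.0.24")]:
        at_router, at_pix, seen = trace(mac, ip)
        print(f"{mac} {ip}: router permits={at_router}, "
              f"PIX permits={at_pix}, PIX sees {seen.src_mac}/{seen.src_ip}")
```

The frame the PIX sees is identical for the blocked client and any other wireless client, which is why no rule on the PIX can single that user out.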
 
LBACIS Commented:
I would suggest a MAC-IP address mapping to the user for the DHCP appliance. Have the appliance use a different subnet which will not allow the two nets to talk. Then use an ACL as suggested before for a bootstrap.
0
 
vreyesii (Author) Commented:
Thank you both for all your help.

vreyesii
0
