• Status: Solved
  • Priority: Medium
  • Security: Public

BLOCK A HOST FROM THE INSIDE

Hello,

Is there a way to block a host from the inside using only their MAC address on a PIX 501?

Thank You
vreyesii
 
lrmoore Commented:
Only by IP address on PIX. By MAC on switches or on routers.
Does the switch that the PIX is connected to support ACLs? What kind of switch is it?
 
vreyesii (Author) Commented:
It is a 3500 XL Switch.
 
lrmoore Commented:
No ACLs supported on 3500XL.
Can you be more specific on what you are trying to do?
Do you have a misbehaving user that keeps changing their IP address?

 
vreyesii (Author) Commented:
I have a user who connects to the network using a wireless connection. They are assigned an IP address from the wireless DHCP router. I want to block this user from having access to the network. The DHCP addresses for the wireless users are changed every day by the DHCP server.
 
lrmoore Commented:
Try adjusting the lease time for DHCP on the router so that the IPs don't change every day.
Do these wireless users get an IP address on a different IP subnet than the users on the inside of the PIX? In other words, is this wireless router's WAN port or LAN port connected to your network? What kind of router is it? Are you trying to block this user from using the Internet through the PIX, or access the LAN from the wireless net?
There's not a lot you can do with what you have.
 
vreyesii (Author) Commented:
The wireless users get an IP address from a different subnet than the inside of the PIX. However, the WAN port on the wireless router is on the same subnet as the inside of the PIX. Also, the wireless router is running NAT.
 
lrmoore Commented:
Then the wireless router is where you have to put the restrictions. All the PIX will ever see is the NATted IP address and the MAC address of the router.
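The point made in the comment above, modelled as an added example that is not part of the original thread: once the wireless router routes and NATs the traffic, the PIX side sees only the router's WAN MAC and IP, so a per-client MAC block can only take effect on the router. All addresses are constructed, and `NatRouter`, `pix_view` and the router-side MAC deny list are hypothetical names and assumptions.

```python
from dataclasses import dataclass, replace

# Constructed sample values; none of these addresses come from the thread.
ROUTER_WAN_MAC, ROUTER_WAN_IP = "00:00:5e:00:53:01", "192.168.1.50"
BLOCKED_MAC, OTHER_MAC = "00:00:5e:00:53:aa", "00:00:5e:00:53:bb"

@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    src_port: int
    dst_ip: str

class NatRouter:
    """Hypothetical model of the wireless router: routes, then source-NATs."""
    def __init__(self, wan_mac, wan_ip, deny_macs=()):
        self.wan_mac, self.wan_ip = wan_mac, wan_ip
        self.deny_macs = set(deny_macs)   # assumed MAC filter on the router
        self.table = {}                   # (inside ip, port) -> translated port
        self.next_port = 40000

    def forward(self, frame):
        # The router is the last hop that still sees the client's own MAC.
        if frame.src_mac in self.deny_macs:
            return None
        key = (frame.src_ip, frame.src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        # Routing replaces the L2 source; NAT replaces the L3/L4 source.
        return replace(frame, src_mac=self.wan_mac, src_ip=self.wan_ip,
                       src_port=self.table[key])

def pix_view(router, frames):
    """(src_mac, src_ip) pairs visible to a firewall on the router's WAN side."""
    return {(f.src_mac, f.src_ip) for f in map(router.forward, frames) if f}

SAMPLE = [
    Frame(BLOCKED_MAC, "10.0.0.23", 51000, "203.0.113.10"),  # day 1 lease
    Frame(BLOCKED_MAC, "10.0.0.87", 51001, "203.0.113.10"),  # day 2 lease
    Frame(OTHER_MAC, "10.0.0.24", 52000, "203.0.113.10"),
]

if __name__ == "__main__":
    print(pix_view(NatRouter(ROUTER_WAN_MAC, ROUTER_WAN_IP), SAMPLE))
    filtered = NatRouter(ROUTER_WAN_MAC, ROUTER_WAN_IP, deny_macs=[BLOCKED_MAC])
    print([filtered.forward(f) for f in SAMPLE])
```

Without the deny list every client collapses to the same MAC/IP pair on the PIX side; with it, the blocked client is dropped on both days regardless of which lease it holds.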
 
LBACIS Commented:
I would suggest a MAC-IP address mapping to the user for the DHCP appliance. Have the appliance use a different subnet which will not allow the two nets to talk. Then use an ACL as suggested before for a bootstrap.
 
vreyesii (Author) Commented:
Thank you both for all your help.

vreyesii
Question has a verified solution.