?
Solved

Cisco 2821 Internet Filtering using Mac Address

Posted on 2009-05-16
3
Medium Priority
?
763 Views
Last Modified: 2013-11-16
Experts, i have new cisco 2821, i'm using it as default router using ADSL connection, now the boss want me to stop few computer accessing internet via cisco rules and some computer stop only internet but not oputlook email. any recommendation? i probably wants mac add filtering if possible...
0
Comment
Question by:tropicmar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Expert Comment

by:diepes
ID: 24405642
The problem is the router only supports L3/IP access lists.
If the pc's have fixed IP's, either static config, or set same ip in DHCP (based on mac) you can add a acl to block the IP's

I assume the router is only used for Internet access.

If the router plugs into a Cisco switch you can do mac filtering on the Cisco switch port connecting to the router.


0
 
LVL 13

Accepted Solution

by:
Quori earned 2000 total points
ID: 24407744
It is possible to do this.

Simply put the port into layer 2 mode (via switchport).
Remove the layer 3 details.
Configure your layer 2 details on the physical port.
Enable intelligent bridging (bridge irb)
Create a BVI
Configure layer 3 details on the new BVI logical interface
Apply a MAC ACL to the BVI.

As an example:

bridge irb
!
interface FastEthernet0/0
no ip address
no ip route-cache
no ip mroute-cache
bridge-group 1
no shut
!
interface BVI1
ip address 1.1.1.1 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 address aabb.ccdd.eeff discard
!
end
0
 
LVL 13

Expert Comment

by:Quori
ID: 24407767
Note the above would drop pretty much all traffic from the MAC specified.

With what you're attempting to do, you'd be best off using VLANs, and managing it that way, then use layer 3 ACLs for filtering on the specific subnets. This would be far less administrative overhead in the long run.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to perform a hard reset on your router. Usually this is most-useful on wireless routers, but the same concept applies to nearly all home/SOHO routers. This process will return the router to factory defaults, so record your…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question