Solved

Cisco 2821 Internet Filtering using Mac Address

Posted on 2009-05-16
3
748 Views
Last Modified: 2013-11-16
Experts, i have new cisco 2821, i'm using it as default router using ADSL connection, now the boss want me to stop few computer accessing internet via cisco rules and some computer stop only internet but not oputlook email. any recommendation? i probably wants mac add filtering if possible...
0
Comment
Question by:tropicmar
  • 2
3 Comments
 
LVL 7

Expert Comment

by:diepes
ID: 24405642
The problem is the router only supports L3/IP access lists.
If the pc's have fixed IP's, either static config, or set same ip in DHCP (based on mac) you can add a acl to block the IP's

I assume the router is only used for Internet access.

If the router plugs into a Cisco switch you can do mac filtering on the Cisco switch port connecting to the router.


0
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 24407744
It is possible to do this.

Simply put the port into layer 2 mode (via switchport).
Remove the layer 3 details.
Configure your layer 2 details on the physical port.
Enable intelligent bridging (bridge irb)
Create a BVI
Configure layer 3 details on the new BVI logical interface
Apply a MAC ACL to the BVI.

As an example:

bridge irb
!
interface FastEthernet0/0
no ip address
no ip route-cache
no ip mroute-cache
bridge-group 1
no shut
!
interface BVI1
ip address 1.1.1.1 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 address aabb.ccdd.eeff discard
!
end
0
 
LVL 13

Expert Comment

by:Quori
ID: 24407767
Note the above would drop pretty much all traffic from the MAC specified.

With what you're attempting to do, you'd be best off using VLANs, and managing it that way, then use layer 3 ACLs for filtering on the specific subnets. This would be far less administrative overhead in the long run.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Checkpoint Endpoint Managment 3 76
cannot send E-mails to one company 15 91
VPN tunnel between Watchguard and OpenVPN? 1 36
Cisco 3800 series and WISM2 1 16
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question