Solved

Cisco 2821 Internet Filtering using Mac Address

Posted on 2009-05-16
Last Modified: 2013-11-16
Experts, I have a new Cisco 2821. I'm using it as the default router with an ADSL connection. Now the boss wants me to stop a few computers from accessing the internet via Cisco rules, and for some computers to stop only the internet but not Outlook email. Any recommendations? I probably want MAC address filtering if possible...
Question by:tropicmar
3 Comments
 
LVL 7

Expert Comment

by:diepes
ID: 24405642
The problem is that the router only supports L3/IP access lists.
If the PCs have fixed IPs, either by static config or by setting the same IP in DHCP (based on MAC), you can add an ACL to block the IPs.

I assume the router is only used for Internet access.

If the router plugs into a Cisco switch you can do mac filtering on the Cisco switch port connecting to the router.


0
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 24407744
It is possible to do this.

Simply put the port into layer 2 mode (via switchport).
Remove the layer 3 details.
Configure your layer 2 details on the physical port.
Enable intelligent bridging (bridge irb)
Create a BVI
Configure layer 3 details on the new BVI logical interface
Apply a MAC ACL to the BVI.

As an example:

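! Enable integrated routing and bridging
bridge irb
!
! Physical port: no layer 3 address, member of bridge group 1
interface FastEthernet0/0
 no ip address
 no ip route-cache
 no ip mroute-cache
 bridge-group 1
 no shut
!
! Layer 3 address moves to the bridge virtual interface
interface BVI1
 ip address 1.1.1.1 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
! Discard frames to or from this MAC address in bridge group 1
bridge 1 address aabb.ccdd.eeff discard
!
end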
0
 
LVL 13

Expert Comment

by:Quori
ID: 24407767
Note the above would drop pretty much all traffic from the MAC specified.

With what you're attempting to do, you'd be best off using VLANs, and managing it that way, then use layer 3 ACLs for filtering on the specific subnets. This would be far less administrative overhead in the long run.
0
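The layer 3 approach suggested in the comments above (a fixed IP per MAC via DHCP, then an IP ACL), written out as an added example that is not part of any poster's answer. It assumes the router is the LAN's DHCP server and that Outlook uses an external POP3/IMAP/SMTP server; all addresses and the pool and ACL names are constructed placeholders, and the interface name and MAC are taken from the example in the thread.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   LAN 192.168.1.0/24 on FastEthernet0/0
!   192.168.1.50 = PC with no Internet access
!   192.168.1.60 = PC allowed mail only
!   203.0.113.25 = external mail server (placeholder)
!
! Bind the PC's MAC to a fixed address. Windows DHCP clients send a
! client-identifier of 01 followed by the MAC (aabb.ccdd.eeff here).
ip dhcp pool PC-NO-INTERNET
 host 192.168.1.50 255.255.255.0
 client-identifier 01aa.bbcc.ddee.ff
!
ip access-list extended LAN-IN
 remark keep DHCP working: an inbound ACL also filters traffic to the router
 permit udp any eq bootpc any eq bootps
 remark mail-only PC: DNS plus SMTP/POP3/IMAP to the mail server, nothing else
 permit udp host 192.168.1.60 any eq domain
 permit tcp host 192.168.1.60 host 203.0.113.25 eq smtp
 permit tcp host 192.168.1.60 host 203.0.113.25 eq pop3
 permit tcp host 192.168.1.60 host 203.0.113.25 eq 143
 deny   ip host 192.168.1.60 any
 remark blocked PC: nothing is routed for it
 deny   ip host 192.168.1.50 any
 remark all other hosts are unaffected
 permit ip any any
!
interface FastEthernet0/0
 ip access-group LAN-IN in
!
end
```

The ACL matches on IP, so it is only as reliable as the MAC-to-IP binding; traffic between PCs on the same LAN segment never crosses the router and is not filtered by it.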
