Cisco 2821 Internet Filtering using Mac Address

Posted on 2009-05-16
Last Modified: 2013-11-16
Experts, I have a new Cisco 2821. I'm using it as the default router on an ADSL connection. Now the boss wants me to stop a few computers from accessing the Internet via Cisco rules, and for some computers to block only Internet access but not Outlook email. Any recommendations? I would probably want MAC address filtering if possible...
Question by:tropicmar
LVL 7

Expert Comment

by:diepes
ID: 24405642
The problem is that the router only supports L3/IP access lists.
If the PCs have fixed IPs, either by static config or by setting the same IP in DHCP (based on MAC), you can add an ACL to block the IPs.

I assume the router is only used for Internet access.

If the router plugs into a Cisco switch you can do mac filtering on the Cisco switch port connecting to the router.


 
LVL 13

Accepted Solution

by:
Quori earned 2000 total points
ID: 24407744
It is possible to do this.

Simply put the port into layer 2 mode (via switchport).
Remove the layer 3 details.
Configure your layer 2 details on the physical port.
Enable intelligent bridging (bridge irb)
Create a BVI
Configure layer 3 details on the new BVI logical interface
Apply a MAC ACL to the BVI.

As an example:

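! Enable integrated routing and bridging (IRB)
bridge irb
!
! Physical port: layer 3 details removed, port joined to bridge group 1
interface FastEthernet0/0
 no ip address
 no ip route-cache
 no ip mroute-cache
 bridge-group 1
 no shut
!
! Layer 3 address lives on the bridge virtual interface
interface BVI1
 ip address 1.1.1.1 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
! Discard frames with this MAC as source or destination
bridge 1 address aabb.ccdd.eeff discard
!
end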
 
LVL 13

Expert Comment

by:Quori
ID: 24407767
Note the above would drop pretty much all traffic from the MAC specified.

With what you're attempting to do, you'd be best off using VLANs, and managing it that way, then use layer 3 ACLs for filtering on the specific subnets. This would be far less administrative overhead in the long run.
Question has a verified solution.
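
The approach from the first comment (fix each PC's IP by MAC in DHCP, then filter on IP), sketched as IOS configuration for the two cases in the question. This is an added example, not part of any poster's reply; the addresses, MACs, pool and ACL names, LAN interface, DNS and mail servers, and the choice of SMTP/POP3 as the mail ports are all assumptions.

```cisco
! Constructed example: every address, MAC, name and interface is a placeholder.
!
! 1. Pin each restricted PC to a fixed IP by MAC (DHCP manual binding).
!    client-identifier is 01 (Ethernet) followed by the PC's MAC address.
ip dhcp pool LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 203.0.113.53
!
ip dhcp pool PC-NO-INTERNET
 host 192.168.1.50 255.255.255.0
 client-identifier 01aa.bbcc.ddee.ff
 default-router 192.168.1.1
 dns-server 203.0.113.53
!
ip dhcp pool PC-MAIL-ONLY
 host 192.168.1.51 255.255.255.0
 client-identifier 0100.1122.3344.55
 default-router 192.168.1.1
 dns-server 203.0.113.53
!
! 2. Filter on those IPs as traffic enters the router from the LAN.
ip access-list extended LAN-IN
 remark Keep DHCP and local-subnet traffic (including to the router) working
 permit udp any eq bootpc any eq bootps
 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 remark PC with no Internet access at all
 deny   ip host 192.168.1.50 any
 remark Mail-only PC: DNS plus SMTP/POP3 to the assumed mail server
 permit udp host 192.168.1.51 host 203.0.113.53 eq domain
 permit tcp host 192.168.1.51 host 203.0.113.25 eq smtp
 permit tcp host 192.168.1.51 host 203.0.113.25 eq pop3
 deny   ip host 192.168.1.51 any
 remark Everyone else is unrestricted
 permit ip any any
!
interface GigabitEthernet0/1
 description LAN side (assumed)
 ip access-group LAN-IN in
```

Because the match is on IP, a PC whose address is changed by hand falls through to the final permit; inverting the list (permit known hosts, deny the rest) closes that gap at the cost of more entries.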
