

MAC filtering on Cisco ESW 520 switch

Posted on 2010-03-25
Medium Priority
Last Modified: 2012-05-09

I'm installing a new switch into a shared office, and I've started playing with 802.x or is it 802.1x :)

Anyway, the idea is that only authorised computers should be able to connect to the network as it is a shared environment, and I wanted to stop any attempt of simply plugging a laptop in and getting an IP address via DHCP; it is a wired Ethernet network. On top of that I have the normal usernames and passwords deal for network resources - but if it is a computer that I am not aware of in the first place, I don't even want it to be able to broadcast a DHCP request on the network.

I figured that I would be able to do this easily with MAC address filtering, and I was informed that the Cisco ESW 520 switch could do this. As we have bar code scanners, the process of getting the MAC address in the first place is trivial.

I figured that all I needed to do was to enter a list of MAC addresses, and the job's done.

However, I am overwhelmed by the configuration on the Cisco ESW 520, and it appears I've bitten off more than I can chew.  

It seems that I need to create ACLs and then associate the ACLs to ports on the switch - I'm completely lost and have no idea how to proceed with what should be a trivial thing.


Question by: pb969

Accepted Solution

tomand earned 2000 total points
ID: 28529768

On switches you can usually configure the port to allow only a statically (manually) defined list of MAC addresses to connect. Or the switch can learn the first MAC address(es) and then it will not allow other MACs.
If you have a list of all company devices' MAC addresses, it would be fine if the device supports MAC filtering/authorisation via a RADIUS server. According to the Cisco documentation, the ESW 520 supports RADIUS 802.1x authentication:

Radius Accounting — Defines the authentication method used for RADIUS
session accounting. Possible field values are:
- 802.1x — 802.1x authentication is used to initiate accounting.
- Login — Login authentication is used to initiate accounting.
- Both — Both 802.1x and login authentication are used to initiate
- None — No authentication is used to initiate accounting.

I am not sure, but perhaps it will work if you enable 802.1x in port Security and set the Authentication method to 'MAC Only', and you have the RADIUS server running (with a database of allowed MAC addresses) and the switches configured to use RADIUS for 802.1x ...

Author Comment

ID: 28530407
Yep (and damn)
I think a RADIUS server might make things better

Expert Comment

ID: 28533022
The attached file is the administration guide for ESW 520 switches. If you go to the 802.1x authentication page, you will see that port authentication can be of the "MAC only" type, and preferably you can define the MAC address there. If you want to go for all MAC addresses, make an ACL of all of them and apply it across the interfaces. I think all the answers are there if you go through the quick admin guide. I don't have this switch handy, so I cannot define it exactly.



Author Comment

ID: 28537044
Thanks surbabu,
I already have the admin guide, and it looks like I will need to install a RADIUS server to make it work.
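
The thread settles on a RADIUS server holding the database of allowed MAC addresses, fed from bar-code scans. The following is an added example, not part of the thread and not taken from Cisco documentation: it validates scanned MACs and renders them as FreeRADIUS `users`-file entries. It assumes the switch sends the MAC as both user name and password in lowercase hex without separators, which has to be checked against the ESW 520 admin guide; the sample scan data and function names are constructed.

```python
import re

# Constructed sample of bar-code scanner output: mixed separators, a duplicate,
# a truncated read, and a multicast address that can never be a station MAC.
SCANNED = """\
00:1A:2B:3C:4D:5E
00-1a-2b-3c-4d-5f
001a.2b3c.4d5e
001A2B3C4D
01:00:5E:00:00:FB
"""

def normalize(raw):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[\s:.\-]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC")
    if int(digits[:2], 16) & 0x01:  # I/G bit set: group address, not a NIC
        raise ValueError("group (multicast/broadcast) address")
    if digits == "0" * 12:
        raise ValueError("all-zero address")
    return digits

def build_allow_list(text):
    """Split scanner output into (allowed MACs, rejected lines with reason)."""
    allowed, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            mac = normalize(line)
        except ValueError as exc:
            rejected.append((lineno, line.strip(), str(exc)))
            continue
        if mac in allowed:
            rejected.append((lineno, line.strip(), "duplicate"))
        else:
            allowed.append(mac)
    return allowed, rejected

def radius_users(macs):
    """Render FreeRADIUS 'users' entries; MAC as name and password (assumed)."""
    return "".join(f'{m} Cleartext-Password := "{m}"\n' for m in macs)

if __name__ == "__main__":
    ok, bad = build_allow_list(SCANNED)
    print(radius_users(ok), end="")
    for lineno, line, why in bad:
        print(f"# rejected line {lineno}: {line} ({why})")
```

Rejected lines are reported with their line number so a bad scan can be re-read from the device label instead of silently dropping a machine from the allow list.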
