mind-control187

1800 Series Router

Here is the setup:

We have an 1800 series router on a stub network that connects to a 7200 router; both are Cisco.

The 1800 router is in an employee's home, who has two PCs that they use to get on the network, and that use the 1800 router to access the internet / intranet. This router is wide open as far as security, and there is no security in place between the 1800 accessing the 7200 and out to the public.

What I want to know is: is there a way to create a MAC ACL where we can allow only the two PCs' MACs through the router and deny all other MACs that try to connect?

Thanks in advance and there is no switch involved.
Istvan Kalmar

Hi,

I advise creating individual DHCP pools for the two PCs:

! Manual binding: reserve 10.169.12.1 for the PC with this MAC address
ip dhcp pool IPT-teszt1
   host 10.169.12.1 255.255.255.0
   hardware-address aabb.ccdd.eeff
   default-router 10.169.12.254
   option 150 ip 10.200.0.2
!
! Manual binding: reserve 10.169.12.2 for the second PC
ip dhcp pool IPT-teszt2
   host 10.169.12.2 255.255.255.0
   hardware-address aabb.ccdd.eefa
   default-router 10.169.12.254
   option 150 ip 10.200.0.2
sealy1986

I'm no expert on Cisco, but the way I am understanding your question is that you only want two MAC addresses to pass through the router. If you only permit those network devices to interface with the router, you are cutting off communications with your ISP, because it will have no way to communicate with your router based on the restriction you have placed. Not only will you need to know the MAC addresses of your ISP's devices; if they have a server farm, you will have to include all those devices as well. Over time they will change equipment, making this process very difficult to keep up with.

Does your 1800 series router also accept wireless clients? If so, it should just have a built-in wireless MAC filtering feature on the WLC GUI itself.

Keep in mind though that MAC addresses are transmitted unencrypted and can very easily be spoofed. It will help thwart common attempts to access the router, but it in no way provides another layer of security.
Is there a way to create a MAC ACL where we can allow only the two PCs' MACs through the router and deny all other MACs that try to connect?

Yes, but some additional information would be helpful. How is the 1800 connected to the 7200? Leased line? Frame-Relay? Internet?
Is it an 1811 with built-in switch?
You may have some options with port security, VLAN ACLs, mac-add sticky, etc. if it is.
mind-control187

ASKER

@ikalmar I didn't think of the DHCP pool. I will look at this as an option after I check to see if it is an 1811 router with built-in switch.

@lrmoore I will check and see. If so, you're right, we may try the VLAN route; if not, we will go with the DHCP pool.

thank you both.
OK, in this case you need to create an individual VLAN for VPN and another users
trying the solutions now
@donjohnson .... the router is connected through a T1 to the 7200
ASKER CERTIFIED SOLUTION
Don Johnston
Awesome! You ROCK!!!!
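
A way to check which hosts are actually using the home LAN behind the 1800, as an added example that is not part of any post in this thread: a Python script that parses `show ip arp` output and lists learned entries whose MAC is not one of the two permitted PCs. The sample output is constructed, and the interface name, the allowlist (the MACs from the DHCP pool example above) and the function names are assumptions.

```python
import re

# Assumption: the two permitted PCs use the MACs from the DHCP pools in this thread.
ALLOWED_MACS = {"aabb.ccdd.eeff", "aabb.ccdd.eefa"}

# Constructed sample of `show ip arp` output from the 1800 (not real data).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.169.12.254           -   0011.2233.4455  ARPA   FastEthernet0/0
Internet  10.169.12.1             3   aabb.ccdd.eeff  ARPA   FastEthernet0/0
Internet  10.169.12.2            12   AABB.CCDD.EEFA  ARPA   FastEthernet0/0
Internet  10.169.12.77            0   0050.56ab.cdef  ARPA   FastEthernet0/0
Internet  10.169.12.90            0   Incomplete      ARPA
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+\S+\s+(?P<intf>\S+)"
)

def normalize_mac(mac):
    """Reduce any common MAC notation to Cisco dotted form, lower case."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def unexpected_hosts(arp_output, allowed, lan_interface):
    """Return (ip, mac) for learned entries on lan_interface not in the allowlist."""
    allowed = {normalize_mac(m) for m in allowed}
    hits = []
    for line in arp_output.splitlines():
        m = ARP_LINE.match(line.strip())
        # Header, "Incomplete" entries and other interfaces do not match or are skipped.
        if not m or m["intf"] != lan_interface:
            continue
        if m["age"] == "-":  # the router's own interface address
            continue
        mac = normalize_mac(m["mac"])
        if mac not in allowed:
            hits.append((m["ip"], mac))
    return hits

if __name__ == "__main__":
    for ip, mac in unexpected_hosts(SAMPLE_ARP, ALLOWED_MACS, "FastEthernet0/0"):
        print(f"unexpected host on LAN: {ip} {mac}")
```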