Cisco 857w VPN MAC Blocking

Unanswered Question
Feb 6th, 2008

Hi there, I have been trying to get a security feature to work on the Cisco 875w router. Basically the router has built-in VPN authentication, and 6 of these routers are placed in 6 remote workers' homes. We want to block all MAC addresses from being able to access the VPN tunnel and then manually allow the workers' MAC addresses to access the corporate network. I have tried setting up a 700 range ACL and placing it on a virtual-template assigned to the easyvpn connection etc. Is there something I am doing wrong, or is there a better way of trying to filter who gets to send traffic via the VPN connection? Thanks in advance, Lee.

paolo bevilacqua Wed, 02/06/2008 - 13:51
Hi, the problem is that you cannot use a layer 2 ACL when routing.

One method can be the following:

- disable ARP under the VLAN interface

- set up static ARP entries for the worker's PC

- set up the allowed IP as an input ACL on the VLAN

- statically configure the above-said IP on the PC

Hope this helps, please rate post if it does!
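
The four steps listed in the reply above, written out as an IOS configuration sketch. This is an added example, not part of the original post: the interface name, the /28 addressing, the MAC addresses and the ACL name are constructed placeholders, and it is an assumption that the router's IOS release accepts `no arp arpa` on the VLAN interface.

```cisco
! Constructed example: every address, MAC and name below is a placeholder.
! Assumes the home LAN sits on interface Vlan1 in 192.168.10.0/28,
! with the router itself at 192.168.10.1.
!
! Static ARP entries: one fixed IP-to-MAC binding per permitted worker PC
arp 192.168.10.2 0000.5e00.5301 arpa
arp 192.168.10.3 0000.5e00.5302 arpa
!
! Input ACL: only the statically bound IPs may send traffic into the router
ip access-list extended WORKER-PCS
 permit ip host 192.168.10.2 any
 permit ip host 192.168.10.3 any
 ! Log everything else so rejected hosts show up in syslog
 deny   ip any any log
!
interface Vlan1
 ! Disable ARP on the LAN interface so no new IP-to-MAC bindings are learned
 no arp arpa
 ! Apply the ACL to traffic arriving from the LAN
 ip access-group WORKER-PCS in
!
! Last step happens on each PC, not the router:
! configure 192.168.10.2 (or .3) statically with the matching /28 mask.
```

`show ip arp` should then list only the static entries for Vlan1, and `show ip access-lists WORKER-PCS` shows the hit counters for permitted and denied traffic. The result binds a permitted IP to a MAC at the router; it is a filter on addresses, not authentication of the user or device.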

leejones365 Thu, 02/07/2008 - 01:29

Hi, thanks for the reply. I can't really statically assign IP addresses on the PCs, as the remote workers come into the main office regularly and the subnet for the remote routers is VLSM to a different subnet mask. Also, other remote workers visit other remote workers' houses, and we have about 30 machines in total and the VLSM is only configured for 16 addresses (14 usable, 13 with a router reserve). So confusing; I've spoken to my CCNA tutor about it too, both stumped. So is that the only way that it can be done? What about Cisco Secure Access Control Server Express, or is that too over the top for what I'm trying to achieve?
