I have branch routers that will have a video phone attached.
I want to only allow the mac-address of the phone inbound on the router ethernet interface.
The phone can communicate with unknown devices.
If I wanted to create this access list and allow my mac-address to communicate with "any" mac address, could I do it this way:
access-list 701 permit 123a.456b.789c ffff.ffff.ffff
And apply the acl inbound on the ethernet interface?
There is nothing else on the ethernet interface, only this phone.
The router will not let me apply the layer 2 acl to the router interface.
Sorry.. didn't notice it was HWIC-ESW module. I was referring to a normal switch...
For 8 port switch module, the following example shows port security being configured in the MAC address table.
Router(config)# mac-address-table secure 0000.1111.2222 fa0/1/2 vlan 3
Doing this, ONLY the mac address 0000.1111.2222 will be able to access through FA0/1/2
You can have a look at other configurations possible for a switch port module, from the URL below:
If you need advanced security parameters, you can look at 802.1x, protected ports etc..
Hope this helps.. all the best..
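The following is an added example, not part of the posts above: a small evaluator for 700-series (48-bit MAC) access-list entries, used to check what the entry in the question would match. It assumes the usual IOS semantics for lists 700-799, where each entry is a source address plus a mask whose 1 bits are ignored, with an implicit deny at the end of the list. The test address `00aa.bbcc.ddee` is constructed.

```python
# Added example: evaluate IOS 700-series MAC access-list entries.
# Assumption: 1 bits in the mask are "don't care" bits; every list ends in an implicit deny.

MAC_BITS = 0xFFFFFFFFFFFF


def mac_to_int(mac):
    """Parse Cisco dotted-triple notation (e.g. 123a.456b.789c) into a 48-bit int."""
    groups = mac.lower().split(".")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not a dotted-triple MAC: {mac!r}")
    return int("".join(groups), 16)


def parse_entry(line):
    """Parse 'access-list <700-799> permit|deny <address> <mask>'."""
    tok = line.split()
    if len(tok) != 5 or tok[0] != "access-list":
        raise ValueError(f"unexpected entry: {line!r}")
    if not 700 <= int(tok[1]) <= 799:
        raise ValueError("not a 48-bit MAC access list (700-799)")
    if tok[2] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {tok[2]!r}")
    return tok[2], mac_to_int(tok[3]), mac_to_int(tok[4])


def evaluate(entries, src_mac):
    """Return the action of the first entry matching src_mac, else the implicit deny."""
    src = mac_to_int(src_mac)
    for line in entries:
        action, addr, mask = parse_entry(line)
        care = ~mask & MAC_BITS          # bits that must match
        if (src & care) == (addr & care):
            return action
    return "deny"


# Entry as written in the question: the all-ones mask ignores every address bit.
POSTED = ["access-list 701 permit 123a.456b.789c ffff.ffff.ffff"]
# Same address with an all-zeros mask: every bit must match.
EXACT = ["access-list 701 permit 123a.456b.789c 0000.0000.0000"]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("exact", EXACT)):
        for mac in ("123a.456b.789c", "00aa.bbcc.ddee"):  # second MAC is constructed
            print(f"{name:6} {mac} -> {evaluate(acl, mac)}")
```

Under these assumptions the entry as posted permits any source MAC, while the all-zeros mask restricts the match to the phone's address.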