Solved: Restricting access to network on 871 router via mac-address

wantechdean · ‎11-27-2009

Hello,

I have a Cisco 871 router and I'm trying to allow only specific MAC addresses to access the network. Is there a way to specify that only specific MAC addresses are allowed access? Any other MAC's will be denied access?

I can either do static IPs or DHCP for the local machines.

Can I use the this "DHCP Secured IP Address Assignment" details found here... http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftdsiaa.html ?

Can I use these...

mac address-table static

OR

mac address-table security

... to accomplish this?

Thanks.

Panos Kampanakis · ‎11-30-2009

You can use "mac-address-table static" if you know all the mac addresses that will be connected.

If the router is handing out ip addresses then you can indeed do DHCP Secured IP Address Assignment.

Note that on a switch you can do "mac access-list" and aplly it in any vlan that you want.

Or even you can do "dhcp snooping" to allow only hosts that got a dhcp ip addresses and are not spoofing.

I hope it helps.

PK

View solution in original post

Panos Kampanakis · ‎11-30-2009

You can use "mac-address-table static" if you know all the mac addresses that will be connected.

If the router is handing out ip addresses then you can indeed do DHCP Secured IP Address Assignment.

Note that on a switch you can do "mac access-list" and aplly it in any vlan that you want.

Or even you can do "dhcp snooping" to allow only hosts that got a dhcp ip addresses and are not spoofing.

I hope it helps.

PK

wantechdean · ‎12-01-2009

PK, thanks so much.

"mac-address-table static" is exactly what I was looking for. It will only allow MACs in the list to connect. I've tested this and it works perfectly.

You rock!

Panos Kampanakis · ‎12-01-2009

I am glad it helped.

Take care,

PK