Lock down port to one specific mac-address

Unanswered Question
Feb 26th, 2010

Greetings.


I'm running a basic ASA 5505 with one outside interface and one inside interface (0/1). For security purposes, I'd like to lock down the inside 0/1 port to the mac address of the host that will be connecting to it. We don't want to run DHCP, so utilizing reservations that way won't be an option.


So if the Windows host that will be connecting to the ASA port 0/1 has a mac address of:


00:44:00:f0:21:cg


How would I tell the ASA to only allow that mac the ability to connect to port 0/1?


Thanks in advance!

Jon Marshall Fri, 02/26/2010 - 14:01

If you run the ASA in transparent mode then you can block on mac-addresses but if you run in routed mode you cannot use mac-addresses in acls.


Jon

jilahbg Fri, 02/26/2010 - 14:03

Create a static arp-entry and base your access-list on that ip only, denying everything else.


Or make your firewall transparent and filter on host mac-address.
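The two approaches suggested in the replies above, written out as ASA configuration. This is an added example, not part of the original thread and not taken from any poster's device. The host IP 192.0.2.10, the MAC 0000.5e00.5301 (in the dotted format the ASA uses), the ACL name INSIDE_IN and the interface name inside are assumptions; substitute your own values.

```cisco
! Lines starting with "!" are annotations for the reader.
! All addresses below are constructed placeholders.

! --- Option A: routed mode, static ARP plus an IP-based ACL ---
! Pin the host's IP to its MAC so the ASA never learns it dynamically.
arp inside 192.0.2.10 0000.5e00.5301
! Permit only that IP inbound on the inside interface, deny and log the rest.
access-list INSIDE_IN extended permit ip host 192.0.2.10 any
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
! Verify with: show arp / show access-list INSIDE_IN

! --- Option B: transparent mode, filter on the MAC itself ---
! Switching modes clears the running configuration, so back it up first.
firewall transparent
! Stop dynamic MAC learning on inside; only static entries can pass traffic.
mac-learn inside disable
mac-address-table static inside 0000.5e00.5301
! Static ARP entry plus ARP inspection drops ARP packets that do not match it.
arp inside 192.0.2.10 0000.5e00.5301
arp-inspection inside enable no-flood
! Verify with: show mac-address-table / show arp-inspection
```

In routed mode the static ARP entry only fixes where the ASA sends traffic for that IP; the ACL still matches on IP, not on the source MAC of incoming frames. Option B is the one that enforces the MAC address itself.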
