IP packet filtering based on MAC addresses

Unanswered Question
Jun 24th, 2002
User Badges:
  • Bronze, 100 points or more

Can I do IP packet filtering based on MAC addresses when I have IP routing enabled on a cisco router (ethernet)?

I would like to allow certain ethernet host on my network. They all have the same unique OUI. However our network uses IP routing , not bridging. Is there a way to define an access-list based on MAC addresses when I use routing ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Mon, 06/24/2002 - 14:38
User Badges:

Hi,


I dont think so but you could go round this.

Configure the LAN interface for bridging

and apply the MAC access-list to the incoming ethernet

interface. You then enable IRB and creat an interface BVI

which is which would be the point where bridged ethernet traffic

enters the routed network.


e.g


int ethernet 0

bridge-group 1

bridge-group 1 input-address-list 702

!

interface bvi 1

ip address 1.1.1.1 255.255.255.1 -->an address for the subnets used for host on the LAN

!

bridge 1 protocol ieee

bridge irb

bridge 1 route ip

!

access-list 702 permit 0002.4b00.0000 0000.00ff.ffff



Hope it helps

Regards

oodunuga




Actions

This Discussion