07-09-2009 01:27 PM - edited 03-06-2019 06:40 AM
Hi!
I have two Cisco 2960 Switches. Is it possible to use them to allow computers having specific MAC Addresses only and restrict all others or is there any other way to restrict the computers from reaching my internal network that are not part of my domain?
Thanks!
07-09-2009 01:37 PM
Is this on the same vlan or a different vlan? You could use vacls or an acl on the layer switch that connects these switches.
07-09-2009 11:50 PM
if the computers on those switches are static (they don't move to other ports).
You might have a look into port-security
interface fas0/1
switchport port-security
switchport port-security maximum 1
switchport port-security violation restrict
switchport port-security mac-address MAC
if you need more flexibility, you might look to dot1x but these option requires a radius server.
07-10-2009 12:48 AM
You can also consider dot1.x authentication
Hope this help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: