Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

mac-address access lists

I have a single remote device attached to a 1700 sereis router. I need to ensure that if anyone disconnects the device, they can't easily plug anything elses in to the router and hence wanted to use a mac-adddress access list.

I have created an access list as follows:

access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000, but there appears to be no way to add this to the Fa0 interface on the router.

Can anyone confirm if this is possible on a router or does this only work on a switch?

  • Other Network Infrastructure Subjects
2 REPLIES
Cisco Employee

Re: mac-address access lists

How is the interface set up? Are you doing something like L3 IP interface transparent bridging?

if so, you could try something like:

bridge-group 1 input-address-list 700

if not, could you post your interface config?

HTH,

Bobby

*Please rate helpful posts.

New Member

Re: mac-address access lists

No, its the Ethernet local LAN interface of a routed link so no bridging going on.

Config below:

interface FastEthernet0

description Mufulira Post Office Post Office LAN

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip access-group 120 in

no ip redirects

no ip unreachables

no ip proxy-arp

no ip mroute-cache

speed auto

full-duplex

no cdp enable

IP access lst 120 defines just a single host allowed in to a group of servers.

I'm having to tie everything down as much as possible as its for a remote ATM on the end of a Wireless backhaul link and our Risk people are trying to insist that we use mac address security as well. I am already running a GRE tunnel and IPSec 3DES over the routed portion of the link.

197
Views
3
Helpful
2
Replies