Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Restricting access over ISDN to a specific MAC address

We want to have an ISDN connection to a customer site.

However, since we do not have physical control of this remote site, I was wondering if there was a way to "tie down" access to the ISDN line.

For example, I know with certain switches, you are able to lock down the ports so that only the specified MAC address can access it.

Is there something similar I can do with an ISDN router?

There would just be one PC connected to the router, connected by ISDN to our head office.

We want to prevent someone disconnecting that PC and simply plugging in their own device (albeit they would have to give it the necessary IP config) and then having access to our head office network.

Has anyone got any suggestions on how to achieve this and what particular kit we would need to use?

Thanks.

3 REPLIES
Silver

Re: Restricting access over ISDN to a specific MAC address

What about using a mac based access-list to define interesting trafffic and using dial on demand routing?

I've never tried this, has anyone else?

Steve

New Member

Re: Restricting access over ISDN to a specific MAC address

Thanks, that sounds like a possibility.

Does anyone have any ideas on how to configure mac-based ACLs and DDR and what models of ISDN routers and IOS would support it?

Silver

Re: Restricting access over ISDN to a specific MAC address

If it works, the access-list range for mac based is 700-799.

access-list access-list-number permit/deny

<48 bit Hardware address> <48 bit Hardware address mask>

In Cisco IOS Software Release 12.3(7)JA, MAC address ACLs can use numbers in the range of 700-799 as the ACL number. They can also use numbers from the expanded range of 1100-1199

The access-list would be referenced in the dialer-list command.

dialer-list 1 protocol list

Good luck

Steve

116
Views
3
Helpful
3
Replies