Cisco Support Community

New Member

Cisco 857w VPN MAC Blocking

Hi there, I have been trying to get a security feature to work on the Cisco 875w router. Basically the router has built-in VPN authentication, and 6 of these routers are placed in 6 remote workers' homes. We want to block all MAC addresses from being able to access the VPN tunnel and then manually allow the workers' MAC addresses to access the corporate network. I have tried setting up a 700 range ACL and placing it on a virtual-template assigned to the easyvpn connection etc. Is there something I am doing wrong, or is there a better way of trying to filter who gets to send traffic via the VPN connection? Thanks in advance, Lee.

2 REPLIES
Hall of Fame Super Gold

Re: Cisco 857w VPN MAC Blocking

Hi, the problem is that you cannot use layer 2 ACL when routing.

One method can be the following:

- disable ARP under the VLAN interface

- set up static ARP entries for the workers' PCs

- set up the allowed IP as an input ACL on the VLAN

- statically configure the above-said IP on the PC

Hope this helps, please rate post if it does!
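The four steps in the reply above, sketched as an IOS configuration fragment (an added example, not part of the original post). The interface name `Vlan1`, the ACL name `WORKER-PCS-IN`, and the IP and MAC addresses are constructed placeholders, and it is an assumption that the router's IOS image accepts `no arp arpa` on the VLAN interface.

```ios
! Constructed values: Vlan1, 192.168.10.2 and 0011.2233.4455 are placeholders.
!
! Step 2: static ARP entry binding the worker PC's IP address to its MAC address
arp 192.168.10.2 0011.2233.4455 arpa
!
! Step 3: only the statically bound IP may send traffic in from the LAN;
! everything else is dropped and logged so unexpected hosts show up in syslog
ip access-list extended WORKER-PCS-IN
 permit ip host 192.168.10.2 any
 deny   ip any any log
!
interface Vlan1
 ! Step 1: disable dynamic ARP on the LAN interface, so only hosts with a
 ! static ARP entry can be reached by the router
 ! (assumption: supported on this platform's VLAN interface)
 no arp arpa
 ip access-group WORKER-PCS-IN in
!
! Step 4 is done on the PC itself: configure 192.168.10.2 statically.
```

The static ARP entry ties an IP address to a MAC address on the router; it does not authenticate the device, so the VPN's own authentication still carries the access decision.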

New Member

Re: Cisco 857w VPN MAC Blocking

Hi, thanks for the reply. I can't really statically assign IP addresses on the PCs, as the remote workers come into the main office regularly and the subnet for the remote routers is VLSM to a different subnet mask. Also, other remote workers visit other remote workers' houses, and we have about 30 machines in total and the VLSM only configured for 16 addresses (14 usable, 13 with a router reserve). So confusing; I've spoken to my CCNA tutor about it too, both stumped. So is that the only way that it can be done? What about Cisco Secure Access Control Server Express, or is that too over the top for what I'm trying to achieve?
