
MAC Address filters

Hi Netpros,

How can we allow/deny traffic based on MAC addresses, either on a firewall or a router? Waiting for your valuable responses. Thanks.

-Faiz


rajinikanth
Level 3

Hi,

Check the link for MAC-based traffic blocking.

http://www.cisco.com/en/US/products/hw/routers/ps368/products_configuration_guide_chapter09186a0080160ec9.html#wp1074871

Hope this answers your question.

Thanks

Raj

Hi,

The link was quite useful. But how can we allow only certain MAC addresses to pass through? What is happening in my LAN is that users are swapping IP addresses in order to browse the Internet. What I want is to allow only the MAC address of a particular PC/laptop to pass through. Thanks in advance.

Hi,

Do you have any Layer 2 switch before the PCs connect to the router?

Yes there is a L2 switch and it has a flat configuration.

Check whether your switch supports the mac access-list extended command. For more details, check this link.

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_command_reference_chapter09186a00801f5eb5.html#wp1976794

Thanks

Raj

Hello Mohammed,

If your users are able to swap IP addresses by themselves, I assume you are not using DHCP? Just be aware that blocking/allowing MAC addresses would not really have an effect on the access the corresponding IP address has. Let's say your user's NIC has MAC address 0012.3456.7890, and you allow that MAC address (to access the Internet), it would not really matter what IP address is assigned to the NIC; any IP addresses configured on the NIC would be able to pass through. So your users could still swap IP addresses and access the Internet, as long as you allow the MAC address.

Also, MAC address access lists only affect non-IP traffic, which means that they won't have any effect when trying to filter IP hosts.

Wouldn't a standard or extended access list be sufficient, where you specify which addresses you want to allow to access the Internet?

Regards,

GNT

Hi Guys,

So what can be done in order to allow specific users Internet browsing only from a particular PC? If a user tries from a PC other than his own, he should not be able to.

Thanks

Hi

In that case you need to have a proxy server which can validate a user and establish a connection to the Internet. In some of the servers, you can bind a user to that MAC etc. This can be achieved using the following combinations:

(1) Use a third-party proxy server like Mikrotik etc. to validate users.

(2) Use Cisco ASA/PIX or something like that to validate users.

(3) Create dial-in users on your non-core router (say PPPoE etc).

Hope I have helped you.

Regards

JD
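
GNT's point above, that permitting a MAC address does not tie it to one IP address, can be checked from the router's ARP table. The following is an added example, not code from the thread or from Cisco: it audits constructed output in the layout of IOS `show ip arp` against a hypothetical IP-to-MAC inventory (`EXPECTED`, the sample rows other than 0012.3456.7890, and all function names are assumptions).

```python
import re

# Constructed sample in the layout of Cisco IOS "show ip arp" output.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.10            5   0012.3456.7890  ARPA   FastEthernet0/0
Internet  192.168.1.12            2   0012.3456.7891  ARPA   FastEthernet0/0
Internet  192.168.1.13            0   Incomplete      ARPA
Internet  192.168.1.50            1   0012.3456.7893  ARPA   FastEthernet0/0
"""

# Hypothetical inventory: the IP each permitted NIC is supposed to use.
EXPECTED = {
    "0012.3456.7890": "192.168.1.10",
    "0012.3456.7891": "192.168.1.11",
    "0012.3456.7892": "192.168.1.12",
}

ROW = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-fA-F.:-]+)\s+ARPA")

def norm_mac(mac):
    """Normalise any common MAC notation to Cisco dotted form."""
    h = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(h) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def parse_arp(text):
    """Yield (ip, mac) for each resolved ARP entry; skip header and Incomplete rows."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m.group(1), norm_mac(m.group(2))

def audit(text, expected):
    """Return (kind, ip, mac) where the observed pairing departs from inventory."""
    owner = {ip: mac for mac, ip in expected.items()}
    findings = []
    for ip, mac in parse_arp(text):
        if mac not in expected:
            kind = "ip-taken-by-unknown-mac" if ip in owner else "unknown-mac"
            findings.append((kind, ip, mac))
        elif expected[mac] != ip:
            kind = "ip-swapped" if ip in owner else "unassigned-ip"
            findings.append((kind, ip, mac))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_ARP, EXPECTED), sep="\n")
```

ARP entries only reflect what hosts announce, so a user who also changes the NIC's MAC address to a permitted one will not show up in this audit.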
