No, I mean "physical" access. This router is located at a customers site and I have a device plugged into E/0. I want to secure that port from someone unplugging E/0 and using the port to try and access our network.
Hmm, the only way to address this problem (I think) is to connect a switch to that ethernet interface, then patch that connection to the switch instead of the router. On the switch, port security can be configured to only allow one static mac address.
Unless of course you mean that they have actual physical access to the router. Unauthorized personel should never have access to networking equipment and it should be locked up in an IDF or MDF.
EDIT: Well, I guess you could use an access list to only permit your host address
(config)#access-list 101 permit host any (may not be exact syntax)
(config-if)#ip access-group 101 in
That will just allow the host with your static IP to communicate with the network. This isn't perfiect though, because somebody else could configure another device with the same IP and have it work. The better solution would be a switch in my opinion
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...