How to block a particular Mac-Address of pc to get into network

abhishek18689 · ‎07-16-2013

Hello ,

There are many personal pc's which i dont want to be in company's network. I have tried to stop them via their mac-address by putting access-list command but it didnt work. Can you guys plz help me out which this thing. I am using cisco 2900 series router. Its a user personal pc so he statically add ip in it. Whenever he puts any ip in his pc it shouldnt get any ip from the network. Is it possible?

Marvin Rhoads · ‎07-17-2013

User is connecting to a wired port on your network? If so it should be wired back to a switch, not your router.

On a Cisco Catalyst switch you can set it up with several security features - make user authenticate (802.1x) or restrict to only pre-defined MAC address (port-security).

How to setup these features and which are available depend on your switch model. For example 3560 setup steps for those features are covered here:

802.1x

port security

Most IOS-based Catalyst switches are quite similar.

abhishek18689 · ‎07-17-2013

Well Marvin, if i block the port then no other laptop can connect to that port. All other laptops are on sites which are located on very remote locations. Thats why i cannot configure port-security. Is there any possibility to block from router? I am using cisco 2900 series router.

Marvin Rhoads · ‎07-18-2013

A router cannot block a particular PC from connecting to a downstream switch using a static IP address.

Once you know the offending MAC address, port-security can block him. Requiring users to authenticate with 802.1x also works. Either method allows other authorized and/or authenticated users to connect.