Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2144
Views
0
Helpful
2
Replies

Lock down port to one specific mac-address

bthompson001
Level 1
Level 1

‎02-26-2010 12:43 PM - edited ‎03-11-2019 10:15 AM

Greetings.

I'm running a basic ASA 5505 with one outside interface and one inside interface (0/1). For security purposes, I'd like to lock down the inside 0/1 port to the mac address of the host that will be connecting to it. We don't want to run DHCP, so utilizing reservations that way won't be an option.

So if the Windows host that will be connecting to the ASA port 0/1 has a mac address of:

00:44:00:f0:21:cg

How would I tell the ASA to only allow that mac the ability to connect to port 0/1?

Thanks in advance!

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎02-26-2010 02:01 PM

If you run the ASA in transparent mode then you can block on mac-addresses but if you run in routed mode you cannot use mac-addresses in acls.

Jon

0 Helpful

jilahbg
Level 1
Level 1

‎02-26-2010 02:03 PM

Create a static arp-entry and base your access-list on that ip only, denying everything else.

Or make your firewall transparent and filter on host mac-address.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card