cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
372
Views
3
Helpful
2
Replies

mac-address access lists

steve.kerr
Level 1
Level 1

I have a single remote device attached to a 1700 sereis router. I need to ensure that if anyone disconnects the device, they can't easily plug anything elses in to the router and hence wanted to use a mac-adddress access list.

I have created an access list as follows:

access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000, but there appears to be no way to add this to the Fa0 interface on the router.

Can anyone confirm if this is possible on a router or does this only work on a switch?

2 Replies 2

Bobby Thekkekandam
Cisco Employee
Cisco Employee

How is the interface set up? Are you doing something like L3 IP interface transparent bridging?

if so, you could try something like:

bridge-group 1 input-address-list 700

if not, could you post your interface config?

HTH,

Bobby

*Please rate helpful posts.

No, its the Ethernet local LAN interface of a routed link so no bridging going on.

Config below:

interface FastEthernet0

description Mufulira Post Office Post Office LAN

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip access-group 120 in

no ip redirects

no ip unreachables

no ip proxy-arp

no ip mroute-cache

speed auto

full-duplex

no cdp enable

IP access lst 120 defines just a single host allowed in to a group of servers.

I'm having to tie everything down as much as possible as its for a remote ATM on the end of a Wireless backhaul link and our Risk people are trying to insist that we use mac address security as well. I am already running a GRE tunnel and IPSec 3DES over the routed portion of the link.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: