04-27-2006 01:43 AM - edited 03-03-2019 02:58 AM
I have a single remote device attached to a 1700 series router. I need to ensure that if anyone disconnects the device, they can't easily plug anything else in to the router and hence wanted to use a mac-address access list.
I have created an access list as follows:
access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000, but there appears to be no way to add this to the Fa0 interface on the router.
Can anyone confirm if this is possible on a router or does this only work on a switch?
04-27-2006 05:11 AM
How is the interface set up? Are you doing something like L3 IP interface transparent bridging?
If so, you could try something like:
bridge-group 1 input-address-list 700
If not, could you post your interface config?
HTH,
Bobby
*Please rate helpful posts.
04-27-2006 07:09 AM
No, it's the Ethernet local LAN interface of a routed link so no bridging going on.
Config below:
interface FastEthernet0
description Mufulira Post Office Post Office LAN
ip address xxx.xxx.xxx.xxx 255.255.255.248
ip access-group 120 in
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
speed auto
full-duplex
no cdp enable
IP access list 120 defines just a single host allowed in to a group of servers.
I'm having to tie everything down as much as possible as it's for a remote ATM on the end of a Wireless backhaul link and our Risk people are trying to insist that we use MAC address security as well. I am already running a GRE tunnel and IPSec 3DES over the routed portion of the link.