cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4101
Views
0
Helpful
4
Replies
Highlighted
Beginner

881 router, mac filtering

hi,

I have a cisco router 881 with advipservices running ios Version 15.2(4)M1

this router is a device that the user will connect company equipement with antivirus and such.

is there a way I can force the ports like fe0 fe1 2 3 to accept only devices with specific mac addresses?

if not, is there a way for me to apply an acl to vlanX to block everything that's not from these specific addresses?

thanks in advance.                  

4 REPLIES 4
Highlighted
Hall of Fame Master

No, not really. Pretty much the only thing you can do is disable ARP, and setup static ARP entries.

Highlighted
Participant

Try something like this, if the feature is available on 881:

mac-address-table secure xxxx.xxxx.xxxx FastEthernet0/1/0 vlan 70

The mac-address defined above and applied to interface f0/1/0 in vlan 70 is the only allowed traffic on the port.

Highlighted

wilson_1234 wrote:

Try something like this, if the feature is available on 881:

mac-address-table secure xxxx.xxxx.xxxx FastEthernet0/1/0 vlan 70

The mac-address defined above and applied to interface f0/1/0 in vlan 70 is the only allowed traffic on the port.

That is not supported on unmanaged switches', like the ones on 800 series routers.

Highlighted

Hi,

this can be done with a MAC acl but the acl cant be applied directly under vlan interface.

it can be applied to a bridge interface.

Router#config terminal

           bridge irb

           bridge 1 protocol ieee

           bridge 1 route ip

Router(config)#int vlan1

               no ip address

               bridge-group 1 {input-address-list 700 | output-address-list 700}

               exit

Router(Config)#int bvi1

               ip address

               exit

               access-list 700 deny 0000.0000.0000

               access-list 700 permit 0000.0000.0000 ffff.ffff.ffff

You can you refer to the below link for more details

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#m