11-13-2012 12:55 PM - edited 03-04-2019 06:07 PM
hi,
I have a Cisco 881 router with advipservices running IOS Version 15.2(4)M1.
This router is a device to which the user will connect company equipment with antivirus and such.
Is there a way I can force the ports like fe0 fe1 2 3 to accept only devices with specific MAC addresses?
If not, is there a way for me to apply an ACL to vlanX to block everything that's not from these specific addresses?
thanks in advance.
11-13-2012 01:32 PM
No, not really. Pretty much the only thing you can do is disable ARP and set up static ARP entries.
11-13-2012 01:53 PM
Try something like this, if the feature is available on 881:
mac-address-table secure xxxx.xxxx.xxxx FastEthernet0/1/0 vlan 70
The mac-address defined above and applied to interface f0/1/0 in vlan 70 is the only allowed traffic on the port.
11-13-2012 02:25 PM
wilson_1234 wrote:
Try something like this, if the feature is available on 881:
mac-address-table secure xxxx.xxxx.xxxx FastEthernet0/1/0 vlan 70
The mac-address defined above and applied to interface f0/1/0 in vlan 70 is the only allowed traffic on the port.
That is not supported on unmanaged switches, like the ones on 800 series routers.
11-13-2012 02:16 PM
Hi,
This can be done with a MAC ACL, but the ACL can't be applied directly under the VLAN interface.
It can be applied to a bridge interface.
Router#config terminal
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
Router(config)#int vlan1
no ip address
bridge-group 1 {input-address-list 700 | output-address-list 700}
exit
Router(config)#int bvi1
ip address
exit
access-list 700 deny
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
You can refer to the link below for more details.
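The bridge-group approach from the last reply, written as an allow-list to match the original question (an added example, not part of any post in this thread). The MAC addresses, the BVI IP address and the choice of Vlan1 are constructed placeholders, and whether these commands are accepted on a given 881 image is an assumption to verify on the device.

```cisco
! Added example: allow-list form of the bridge-group MAC filter.
! All addresses below are constructed placeholders.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! ACLs 700-799 match 48-bit MAC addresses.
! A mask of 0000.0000.0000 means "match this address exactly".
access-list 700 permit 0000.5e00.5301 0000.0000.0000
access-list 700 permit 0000.5e00.5302 0000.0000.0000
! No explicit deny is needed: every other source MAC hits the
! implicit deny at the end of the list.
!
interface Vlan1
 no ip address
 bridge-group 1
 ! Filter frames entering the bridge group by source MAC.
 bridge-group 1 input-address-list 700
!
interface BVI1
 ! The routed (layer 3) address moves from Vlan1 to the BVI.
 ip address 192.0.2.1 255.255.255.0
```

`show access-lists 700` lists the configured entries. A MAC filter only checks the address a device claims, so it limits accidental connections rather than authenticating the device.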