11-13-2012 12:55 PM - edited 03-04-2019 06:07 PM
Hi,
I have a Cisco router 881 with advipservices running IOS Version 15.2(4)M1.
This router is a device to which the user will connect company equipment with antivirus and such.
Is there a way I can force the ports like fe0, fe1, 2, 3 to accept only devices with specific MAC addresses?
If not, is there a way for me to apply an ACL to vlanX to block everything that's not from these specific addresses?
Thanks in advance.
11-13-2012 01:32 PM
No, not really. Pretty much the only thing you can do is disable ARP and set up static ARP entries.
11-13-2012 01:53 PM
Try something like this, if the feature is available on 881:
mac-address-table secure xxxx.xxxx.xxxx FastEthernet0/1/0 vlan 70
The mac-address defined above and applied to interface f0/1/0 in vlan 70 is the only allowed traffic on the port.
11-13-2012 02:25 PM
wilson_1234 wrote:
Try something like this, if the feature is available on 881:
mac-address-table secure xxxx.xxxx.xxxx FastEthernet0/1/0 vlan 70
The mac-address defined above and applied to interface f0/1/0 in vlan 70 is the only allowed traffic on the port.
That is not supported on unmanaged switches, like the ones on 800 series routers.
11-13-2012 02:16 PM
Hi,
This can be done with a MAC ACL, but the ACL can't be applied directly under the VLAN interface.
It can be applied to a bridge interface.
Router#config terminal
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
Router(config)#int vlan1
no ip address
bridge-group 1 {input-address-list 700 | output-address-list 700}
exit
Router(config)#int bvi1
ip address
exit
access-list 700 deny
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
You can refer to the link below for more details.
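
An added example, not part of the thread: the original question asks for an allowlist (only specific MAC addresses accepted), so this Python sketch generates that form of access-list 700 for the bridge-group configuration posted above, with permit entries for the listed hosts followed by a deny for everything else. The sample MAC addresses, function names and default interface are assumptions constructed for illustration.

```python
import re

# Constructed sample input: documentation-range MACs in three common notations.
SAMPLE_MACS = ["00:00:5E:00:53:01", "00-00-5e-00-53-02", "0000.5e00.5303"]


def to_cisco_mac(mac: str) -> str:
    """Normalize a MAC in colon, dash, dotted or bare-hex form to xxxx.xxxx.xxxx."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # The low bit of the first octet marks group (multicast/broadcast) addresses,
    # which are never a legitimate source address for a single device.
    if int(digits[:2], 16) & 0x01:
        raise ValueError(f"group address cannot identify a device: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def build_allowlist(macs, acl=700, bridge_group=1, interface="Vlan1"):
    """Return IOS config lines that accept only the given source MACs."""
    if not 700 <= acl <= 799:
        raise ValueError("48-bit MAC address ACLs use numbers 700-799")
    hosts = sorted({to_cisco_mac(m) for m in macs})  # dedupe across notations
    if not hosts:
        raise ValueError("empty allowlist would block every device")
    # Numbered ACLs append new entries, so rebuild the list from scratch.
    lines = [f"no access-list {acl}"]
    # Mask 0000.0000.0000 means every bit must match (exact host entry).
    lines += [f"access-list {acl} permit {h} 0000.0000.0000" for h in hosts]
    # Explicit catch-all deny; mask ffff.ffff.ffff matches any address.
    lines.append(f"access-list {acl} deny 0000.0000.0000 ffff.ffff.ffff")
    lines += [f"interface {interface}",
              f" bridge-group {bridge_group} input-address-list {acl}"]
    return lines


if __name__ == "__main__":
    print("\n".join(build_allowlist(SAMPLE_MACS)))
```

A source MAC address is set by the connecting device itself, so this filter limits which equipment is accepted by default rather than authenticating it.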