Hi,You could use MQC to drop

tsgcisco · ‎03-14-2005

Is it possible to restrict what device can be plugged into each of the four ethernet ports on an 831 router? It has four local lan ports, and well we strictly want four specific devices to be able to attach to the four ports. Thinking maybe you could some how filter based on MAC address. We have the devices and mac addresses we want to restrict.

We are rolling the devices out to home users, we provide the internet access, router and equipment. Router is configured to VPN back into corporate office. We dont want the users to be able to plug in a personal computer or anything, just the IP phone and thin client we provide.

Just a thought, any ideas on how to do this would be appreciated.

cadet alain · ‎08-10-2014

Hi,

You could use MQC to drop frames from unknown MAC addresses like this:

class-map match-any PERMIT-MAC

match source-address mac xxxx.xxxx.xxxx

class-map match-any DENY-MAC

match not class PERMIT-MAC

policy-map DENY-MAC

class DENY-MAC

drop

int vlan 1

service-policy input DENY-MAC

Where xxxx.xxxx.xxxx are the known permitted MAC addresses, this way the unknown MAC addresses won't communicate with the outside world.

Now if you don't want these to communicate inside your LAN also then if it is available on this platform you could disable dynamic src MAC learning and put static MAC entries for known addresses.

If none of these solutions are good for you then I'm going to look at the Cisco doc for this platform to sse if other configs could be done, which IOS are you running?

Regards

Alain

Don't forget to rate helpful posts.

Cisco 831 Ethernet Ports locking access to them?