Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
0
Helpful
4
Replies

IR809 Router MAC Filtering

dietrroc
Level 1
Level 1

‎09-20-2023 01:52 PM - last edited on ‎09-20-2023 02:03 PM by Community Manager

What my intentions are is to find a way to allow only a single mac address access from the IR809G LAN interface (gig1). I can't find a way to do this from the CLi show commands and information from the Internet. Any assistance is greatly appreciated.

Labels:
0 Helpful
4 Replies 4

M02@rt37
VIP
VIP

‎09-20-2023 01:57 PM

Hello @dietrroc,

You can use port security to restrict the number of MAC addresses on the interface.

Under interface configuration:

switchport port-security

switchport port-security maximum 1

switchport port-security mac-address <mac_address>

switchport port-security violation shutdown

Only the specified MAC address is allowed on the GigabitEthernet1 interface, and any attempts to use a different MAC address will result in the configured violation action (in this example, shutting down the port).

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

dietrroc
Level 1
Level 1
In response to M02@rt37

‎09-21-2023 06:33 AM

I appreciate your assistance, but switchport is not an option for the IR809 Router Gig interfaces. I don't see a way to accomplish this with an access list. What are my options? Thanks!

0 Helpful

paul driver
VIP
VIP

‎09-21-2023 07:36 AM - edited ‎09-21-2023 07:36 AM

Hello
I crude way would be to append a static arp entry on the rtr and acl on the interface relating to the ip address of the host.



Example host = 1.1.1.2  2222.2222.2222
rtr
arp 1.1.1.2 2222.2222.2222 ARPA

ip access-list extended arp-host
permit ip host 1.1.1.2 any

int x/x
description arp-host
ip access-group arp-host in


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

dietrroc
Level 1
Level 1

‎09-21-2023 08:20 AM

Thanks for all the great advice. I restricted a single host MAC access to the router using a policy map and tying the policy map to the IR809 Gig1 interface as a service policy.

class-map match-all MAC-ANY
match any
class-map match-any LAN-MAC
match source-address mac 2222.3333.4444
!
policy-map MAC-Filter
class LAN-MAC
class MAC-ANY
drop

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card