Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
5
Helpful
4
Replies

Restrict certain MAC addresses to access internet

kazarsm
Level 1
Level 1

‎02-17-2018 07:29 AM - edited ‎03-05-2019 09:56 AM

i want to restrict certain users of the network (WAN) from getting ip address (To restrict internet connection not WAN) from the DHCP server (which is windows server 2008 r2). I need help achieving this with MAC ACLs if possible (other solutions are welcomed). i'm running a Cisco catalyst 2970 switch. 

Labels:
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎02-17-2018 08:08 AM

Hello,

 

check if the 2970 supports port ACLs (I think it does):

 

ip access-list extended DENY_UDP_67_68
 deny udp any any eq 67
 deny udp any any eq 68
 permit ip any any

 

interface FastEthernet0/0
 ip access-group DENY_UDP_67_68 in

kazarsm
Level 1
Level 1
In response to Georg Pauwen

‎02-18-2018 02:19 AM

Okay. I'll try this and give a feedback. Thx
0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-17-2018 11:41 AM

Why not configure your DHCP server to only give out statically allocated (reserved) addresses?

0 Helpful

kazarsm
Level 1
Level 1
In response to Philip D'Ath

‎02-18-2018 02:18 AM

This is the easiest solution for now. But can't the users just assign an IP address for themselves to avoid the dhcp server (assuming that they know the address range defined) ?
0 Helpful
Customers Also Viewed These Support Documents