08-21-2018 06:12 PM - edited 03-05-2019 10:52 AM
Hi All,
How can I prevent access to a host if I have both a 3750 router and a 3650 switch, with ZBF.
I have a SIP host on my LAN, it has dynamic IP's that register to it that I cannot filter. Is it possible to have a MAC filter where by only hosts external to my network with the whitelisted MAC can talk to it?
I also have another application which has direct access to the internet and no mechanism to protect it using a user/password. Again, dynamic IPs access it but I need to secure it somehow.
Thanks!
08-22-2018 12:01 AM
Hi there,
Where is the host getting its DHCP lease from? Why don't you statically assign it an IP from the DHCP pool which would allow to to use Layer3 ACLs.
cheers,
Seb.
08-22-2018 12:09 AM
ZBF running where in the network(what device), how is your end device connected ?
If the host is connected to access switch(this what you looking to block), can you have MAC ACL for this to control.
have look config example :
https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
Zone based for reference :
08-22-2018 02:48 AM
Hosts are internet based. I suspect a Proxy is my only option...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide