Securing access to a Host - Cisco Community

544

Views

0

Helpful

3

Replies

Hi All,

How can I prevent access to a host if I have both a 3750 router and a 3650 switch, with ZBF.

I have a SIP host on my LAN, it has dynamic IP's that register to it that I cannot filter. Is it possible to have a MAC filter where by only hosts external to my network with the whitelisted MAC can talk to it?

I also have another application which has direct access to the internet and no mechanism to protect it using a user/password. Again, dynamic IPs access it but I need to secure it somehow.

Thanks!

3 Replies 3

Hi there,

Where is the host getting its DHCP lease from? Why don't you statically assign it an IP from the DHCP pool which would allow to to use Layer3 ACLs.

cheers,

Seb.

ZBF running where in the network(what device), how is your end device connected ?

If the host is connected to access switch(this what you looking to block), can you have MAC ACL for this to control.

have look config example :

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html

Zone based for reference :

https://community.cisco.com/t5/security-documents/ios-zone-based-firewall-step-by-step-basic-configuration/ta-p/3142774

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hosts are internet based. I suspect a Proxy is my only option...

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card