08-14-2006 04:27 PM - edited 03-05-2019 12:00 PM
I am using Cisco 831 at many smaller remote offices with DHCP. What is the best way to both monitor and control access on the 4 fastethernet ports. Is there a way to secure all of the ports with a MAC address security, etc so only certain machines will be able to gain network and internet access via the router?
Thanks - any help would be appreciated.
Jamie
08-15-2006 02:08 AM
Hello Jamie,
the 831 does not support port-security on the FastEthernet ports. There is however a workaround you could use, if you have a limited number of know MAC addresses that you want to block. Basically, what you do is use the command:
arp {ip-address | vrf vrf-name} hardware-address encap-type [interface-type]
to manually blackhole MAC addresses by sending them to a Loopback or Null interface. Let's say you want to deny IP address 192.168.1.10 with MAC address 00ed.3456.7896, the entry would be:
arp 192.168.1.10 00ed.3456.7896 arpa Loopback0
This would effectively send all traffic for that IP and MAC address to the Loopback interface...
HTH,
GNT
08-15-2006 09:06 AM
What if I just wanted to allow 4 mac addresses access, would I just use the inverse?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide