09-16-2012 10:18 PM - edited 03-07-2019 08:54 AM
Hi,
I have a 2921, and I have 4 network segments.
In segment 172.16.0.0/27 I want to "pair" connections somehow. I mean IP 172.16.0.x has to have MAC aaaa.bbbb.cccc and so on, and not accept connections otherwise.
How can I do that?
Thank you!
A.
09-16-2012 11:46 PM
You will need to set up static ARP entries, and disable the ARP protocol.
That is so time-consuming, and so unmanageable, that you should really find a better way to manage your network security rather than relying on IP and MAC.
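To show the bookkeeping the static-ARP step involves, here is an added example (not part of the original post) that turns an IP/MAC inventory into IOS `arp <ip> <mac> arpa` global-configuration lines and rejects bad entries before they reach the router. The inventory and its MAC values are constructed placeholders, and the function names are hypothetical; it covers only the static entries, not disabling ARP.

```python
import ipaddress
import re

SEGMENT = ipaddress.ip_network("172.16.0.0/27")  # segment from the question

# Constructed inventory; MACs are placeholders written in mixed notations.
INVENTORY = [
    ("172.16.0.2", "aa:aa:bb:bb:cc:cc"),
    ("172.16.0.3", "AAAA.BBBB.CCCD"),
    ("172.16.0.4", "aa-aa-bb-bb-cc-ce"),
]


def cisco_mac(mac):
    """Normalize a MAC to Cisco dotted form (aaaa.bbbb.cccc)."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    if int(digits[:2], 16) & 1:  # group bit set: multicast or broadcast
        raise ValueError(f"not a unicast host MAC: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def static_arp_lines(inventory, segment=SEGMENT):
    """Return one 'arp <ip> <mac> arpa' line per validated binding."""
    seen_ip, seen_mac, lines = set(), set(), []
    reserved = (segment.network_address, segment.broadcast_address)
    for ip_text, mac_text in inventory:
        ip = ipaddress.ip_address(ip_text)
        if ip not in segment or ip in reserved:
            raise ValueError(f"{ip} is not a usable host address in {segment}")
        mac = cisco_mac(mac_text)
        # One IP per MAC and one MAC per IP, which is the pairing the question asks for.
        if ip in seen_ip or mac in seen_mac:
            raise ValueError(f"duplicate binding for {ip} / {mac}")
        seen_ip.add(ip)
        seen_mac.add(mac)
        lines.append(f"arp {ip} {mac} arpa")
    return lines


if __name__ == "__main__":
    print("\n".join(static_arp_lines(INVENTORY)))
```
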
09-16-2012 11:49 PM
I agree with Paolo. Static ARP entries are the way.
But why do you need this specific requirement? If you have a device with IP 172.16.0.2, for example, why should you bind it to some specific MAC? It has only one MAC address and that is not supposed to change, right? So why don't you just add a MAC ACL if that is really needed?
Amjad
Rating useful replies is more useful than saying "Thank you"
09-17-2012 12:08 AM
Sorry for being dumb, but how do I do a MAC ACL?
Thanks!
09-17-2012 09:22 AM
Hi,
For MAC ACL, you use the "mac access-group ... in" command:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_m1.html#wp1076835
Kind Regards,
Ivan Shirshin
**Please grade this post if you find it useful.
09-17-2012 12:09 PM
Amjad Abdullah wrote:
so why don't you just add MAC ACL if that is really needed?
Don't forget to mention that on most switches and newer IOS versions MAC ACLs don't work for IP packets. Thus they don't have any impact at best or block system-relevant network protocol traffic at worst.
09-17-2012 10:38 PM
pille1234 wrote:
Amjad Abdullah wrote:
so why don't you just add MAC ACL if that is really needed?
Don't forget to mention that on most switches and newer IOS versions MAC ACLs don't work for IP packets. Thus they don't have any impact at best or block system-relevant network protocol traffic at worst.
Oh, really? I did not know that!!
Rating useful replies is more useful than saying "Thank you"
09-18-2012 02:06 AM
Thank you!