Block MAC-Address on a 2851 Router?
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||
|
Posted by Christoph Gartmann on December 6, 2007, 1:52 pm
Please log in for more thread options
is it possible to block a given MAC-address on a 2851 router (IOS 12.4)? If so, how? Regards, Christoph Gartmann -- Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452 Immunbiologie Postfach 1169 Internet: gartmann@immunbio dot mpg dot de D-79011 Freiburg, Germany http://www.immunbio.mpg.de/home/menue.html | ||||||||||
|
Posted by Peter on December 6, 2007, 10:45 pm
Please log in for more thread options  requirements and side effects that you need to be aware of.....;-) It all comes down to what device TYPE (Switch, Router, Layer 3 Switch, etc) you are trying to do this on. I am assuming you are using a Full Router and not a Layer 3 Switch, where the method is likely to be different. A MAC is a Layer 2 construction, so while you can build a MAC ACL (type 700) you can only APPLY that ACL to an interface that is operating in Layer 2 mode. By default, all Router ports are Layer 3 ports, and so wont natively take a type 700 ACL. You first need to drop the interface down to Layer 2 by putting that PORT into BRIDGE (Layer 2) mode first. The negative thing about BRIDGE mode is that all segments are then forced to operate at the speed of the slowest segment, so here you find the use of the BVI (Bridged Virtual Interface) very useful, allowing you to Route off the MAC ACL segment.... I needed to add MAC security to a 2600 so I - 1. Defined a Bridge Group. 2. Configured a BVI for that Bridge Group to take the Layer 3 properties for the segment, 3. Then added the Physical interface to that Bridge Group. 4. I then applied the MAC ACL to the PHYSICAL interface. Note that it uses a special form of the command to add the MAC ACL. This method allows the use of MAC ACL's but also allows the Bridged interface to operate at full speed and not the speed of the Bridged WAN segment (as in my case). I hope this helps................pk. -- Peter from Auckland. | ||||||||||
| Similar Threads | Posted |
| Block MAC-Address on a 2851 Router? | December 6, 2007, 1:52 pm |
| SELL CISCO router 1841 2801 2821 2851 3825 3845 | November 27, 2007, 4:37 am |
| SELL CISCO router 1841 2801 2821 2851 3825 3845 | January 11, 2008, 4:58 am |
| CISCO router 1841 2801 2811 2821 2851 3825 3845 | December 19, 2008, 3:27 am |
| Ethernet Interface for 2851? | February 9, 2007, 8:10 am |
| can I block gmail using NAT Router | November 18, 2005, 2:44 pm |
| Block Website s in Cisco Router | November 9, 2009, 5:06 am |
| sell CISCO 1841 2801 2811 2821 2851 3825 3845 | January 1, 2008, 10:20 pm |
| Block UDP on Port 514 | July 22, 2005, 11:16 am |
| How to block certain web sites | February 23, 2006, 9:16 am |
| Block Itunes on Pix 515 | December 6, 2006, 11:12 am |
| how to using pix to block site | December 26, 2006, 4:53 am |
| PIX 501 to Block Websites | June 15, 2007, 9:05 pm |
| Re: PIX 501 to Block Websites | June 16, 2007, 10:24 am |
| How to block certain website | August 4, 2007, 8:02 am |
|
Home Cabling Guide
Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Click Here to learn more |
> how?