Cisco Systems router acl on mac address
Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
router acl on mac address tg 10-09-08
Posted by tg on October 9, 2008, 5:59 pm
Please log in for more thread options


Cisco router 2651XM with wic-adsl card (Dialer0)
IOS = c2600-adventerprisek9-mz.124-2.T.bin

I'm given to understand it is possible to filter traffic based on mac
address. I've been trawling google but I can't find the syntax I'm
looking for. At the moment all my router traffic on port 25 is
unfiltered.
My router socket f0/1 ip is set at 192.168.1.100 and the router is
currently configured to forward all port 25 (smtp) traffic through f0/1
to my computer set at 192.168.1.101 thus:
ip nat inside source static tcp 192.168.1.101 25 interface Dialer0 25
(pretty straightforward)
and the firewall is set to allow smtp traffic through with:
access-list 105 permit tcp any any eq smtp
But I'd like to filter the port 25 (smtp) traffic by permitting only mac
addresses I specify. All other traffic is to be unaffected. The mac
address permission is to only apply to port 25 (smtp) traffic.
is this possible? any cli examples satisfying the above would be
appreciated.








Posted by Doug McIntyre on October 9, 2008, 7:08 pm
Please log in for more thread options



Its only possible to filter based on MAC address for a bridge setup.

General routing does not allow you to filter based on MAC address.



Posted by Peter on October 9, 2008, 9:47 pm
Please log in for more thread options


Greetings,


There are at least 2 things you need to consider -

As a MAC is a Layer 2 component -
  1. MAC ACL's are written in the 7xx (IE Layer 2) series numbering
format (IE 701, 702, etc).
  2. A router interface normally operates at Layer 3 (IE as a Routed
interface). You need to operate the interface in  Layer 2 mode, and
one way to do that is to BRIDGE it to something else. However this can
bite you as Bridging can impact on performance. You can ensure maximum
throughput but linking the Bridge to a BVI to provide a routed
interface and therefore maximising the Bridge performance.

Cheers................pk.



--
Peter from Auckland.

Posted by tg on October 10, 2008, 1:49 pm
Please log in for more thread options




<snip>

so when you say bridge do you mean I have to connect my router to
another hardware device?



Posted by Doug McIntyre on October 10, 2008, 2:46 pm
Please log in for more thread options




Bridging turns off any smarts in your router, it will just pass
traffic in and push traffic right back out. Its most likely not what
you are looking to do.

In general, MAC filtering isn't that useful, what are you trying to
acomplish anyway?


Similar ThreadsPosted
router acl on mac address October 9, 2008, 5:59 pm
Blocking a MAC address at the router November 29, 2005, 10:02 am
MAC address for switch and router May 22, 2007, 9:50 pm
LAN IP Address of Router resets on its own May 24, 2007, 1:26 am
web config ip address for an 857 router June 23, 2007, 6:55 am
Newbie-Router Unknown IP address April 4, 2006, 11:39 am
Block MAC-Address on a 2851 Router? December 6, 2007, 1:52 pm
MAC Address and Logical Router Interface November 5, 2008, 5:59 pm
we have private IP address on WAN port, no connection through Router? October 6, 2005, 7:12 am
Client Gateway Address in DHCP - Router or Firewall? March 1, 2006, 11:00 am
ezvpn w/ router which has changing public address (PPPoE) March 5, 2006, 4:18 am
Changing the MAc address to VLAN interface or how to SPLIT a router in 2. December 2, 2006, 10:19 am
Wireless clients can't get DHCP address from router behind Aironet 1100 January 20, 2007, 2:10 pm
Differnce between setting mac address port security under the interface vs. the mac address-table global command February 1, 2010, 2:16 pm
Need help!! Interface answer to public address but not to private address July 13, 2006, 7:30 am
Latest PostsForumRSS
NEWS: Samsung takes on the Apple iPad with the 7 inch Galaxy... Wireless Networking
c3560 port configuration Cisco Systems
Broadband 2010: A Big Slowdown [telecom] General Telecommunications Forum
Control Hot Water Circ Pump With X10? General Home Automation
Official Course CCNP TSHOOT 642-832 / Foundation Learning Gu... Cisco Certification
Speedflow Communications Honored for Innovation Voice-Over-IP
USB _to_ RJ45 (not from) connection Ethernet LAN
FAQ: Maximizing cable modem or DSL speed Cable Modems
CASH FOR CISCO - I BUY USED AND NEW EQUIPMENT & LOTS MOR... Telecom Technical
FAQ: Maximizing cable modem or DSL speed Digital Subscriber Line
How to set up Meridian 1 to "provide clock" to a C... Nortel Networks
New Discovery about WDM LAN and Telecom Cabling
Control Hot Water Circ Pump With X10? Home Automation
Text file to automate restoring a dropped VPN connection. Virtual Private Networks
Home Theater Installation Home Theater
Re: The Turkic Languages in a Nutshell Fiber Optics
sip Video Conferencing
Residential Cabling Guide Home Cabling Guide

Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language!

Click Here to learn more