Allow Access by MAC only 1

[ibredbeard]

Hi,
I searched through this forum and I haven't found a definitive answer to whether you can block access to the internet via MAC addresses. I have a Cisco PIX 506E. Is it possible? Thanks in advance!

 

[voltron1011]

Since firewalls work on layer-3 and above, there really is no way of filtering via MAC. Layer-2 information is usually just held by the local switch's ARP table, so there is no real way to block it further out.

 

[KiscoKid]

If you have a decent switch attached to the firewall, you could bang on MAC access lists on that switch. They can do MAC address filtering. If this sounds feasible, let me know if you're interested and I can provide the links on how to set it up.

 

[NetworkGhost]

There is a way to block by MACs on the Pix, I saw it on a cartoon once but I think it will work in real life. What type of traffic are you looking to block or control rather?