Mac Address Access List on Cisco Switches

danr19

Technical User
Aug 30, 2003
Hi,

Is it possible to create a MAC address access list on Cisco switches?
I have 29XX, 35XX, 2950 and 3550 models in my job. I've tried to do it with Port Security. It works fine but it's a mess to administer. I think it's good when you don't have to move equipment, but it's complicated when you have roaming users.
So, I'd just like to load a group of MAC addresses of the allowed machines; it doesn't matter which port they are connected to.
I'll really appreciate any suggestion.

Best regards,

danr19.

 
The question is where you want to limit them in the network. Do you want to limit them at the edge of the network at the access ports, or do you want to limit their access to specific networks? It all depends on where you are trying to limit their access. If you want to limit their access on the uplinks, then apply the ACL on the uplink ports; if it's a VLAN that you want to limit access to, then apply the ACL at the VLAN boundary. Since it's layer 2 MAC addresses, you will want to limit their access at the VLAN boundary, since their MAC will be rewritten if they are routed.

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization
 
If you are looking for a solution to secure your network from the inside, you could also consider using one of the different implementations of 802.1x.

busche
 
Dear Lui3,

I just wanted to limit access at port level.
My idea is to stop or block any port of that switch when somebody wants to connect an unknown or unauthorized PC there.
I should do it in that way because I have remote branches with one switch, no VLAN or L3 security, so I can't deploy there, I guess, 802.1X.

Thanks,

danr19

 
Dear Parcival21,

I've read about it, but I'm looking for something simpler for many reasons.
I want to do L2 security at the main office and branches, most of them with a few PCs and a satellite link.
Besides, 70% of the PCs still have Windows 98, so I would have to install an 802.1X client on them.

Thanks,

danr19
 
So write an access list with the approved MAC addresses and apply it at the port level. Depending on the model of switches you are using, this should work.

VMPS is also an option. Two VLANs: one is routable, one is not. It all depends on your MAC address. If you are approved, you get placed in the routable VLAN; if you are not, then you get placed in the non-routable one.


Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization
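
The port-level MAC access list suggested above, generated from one allow-list file so every switch gets the same entries regardless of which port a machine uses; this is an added example, not code from the thread. The ACL name, port range and sample MAC addresses are assumptions, and the output uses the IOS named MAC extended ACL commands (`mac access-list extended`, `mac access-group ... in`).

```python
import re

# Constructed sample inventory (not from the thread): the same allow-list may
# arrive in colon, hyphen or Cisco dotted notation, with duplicates.
SAMPLE_INVENTORY = """
00:1A:2B:3C:4D:5E   # front desk PC
00-1a-2b-3c-4d-5f
001a.2b3c.4d5e      # duplicate of the first entry
"""

def to_cisco_mac(raw):
    """Return a MAC in IOS dotted form (hhhh.hhhh.hhhh) or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(digits[:2], 16) & 1:
        # Group (multicast/broadcast) bit set: never a valid station source address.
        raise ValueError(f"multicast/broadcast address: {raw!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_inventory(text):
    """Parse one MAC per line, ignoring '#' comments, blanks and duplicates."""
    macs = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            mac = to_cisco_mac(entry)
            if mac not in macs:
                macs.append(mac)
    return macs

def build_config(macs, acl_name="ALLOWED-HOSTS", ports="FastEthernet0/1 - 24"):
    """Emit a named MAC extended ACL and bind it inbound on the access ports."""
    # acl_name and ports are assumed defaults; adjust per switch model.
    lines = [f"mac access-list extended {acl_name}"]
    lines += [f" permit host {mac} any" for mac in macs]
    lines += [" deny any any",  # explicit form of the ACL's implicit deny
              "!",
              f"interface range {ports}",
              f" mac access-group {acl_name} in"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_config(parse_inventory(SAMPLE_INVENTORY)))
```

On the Catalyst 2950 and 3550, a MAC extended ACL bound to a Layer 2 port filters non-IP frames only, so check the platform's configuration guide before relying on it to keep unknown hosts off an IP network.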
 