Posted by Doug McIntyre on October 11, 2008, 11:47 pm
>> In general, MAC filtering isn't that useful, what are you trying to
>> accomplish anyway?
>trying to exercise some control over what machines (out there on the
>internet) can have access to my mail server on port 25. Filtering based
>on ip address is unworkable as people's ip's change all the time. What
>doesn't change is their mac address.
>I am using multiple barriers against spammers at application level but
>if there's anything my router can do to assist in this I want to exploit
>that. Someone on the cisco forum told me I could implement mac address
>filtering but they didn't elaborate on exactly how it's done.
You won't ever see anybody else's MAC address, that's the reason it's
not useful. You'll only see your own MAC address, your LAN machines, and
nothing else (assuming your nexthop out is a WAN hop).
Even in a pure LAN environment (i.e. a colo data center), you'd only
see the next hop device MAC address and your own.
MAC addresses stay local only to your LAN, by the time the IP packets
get to you, they'll only have your gateway router in them.
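
An added illustration of the point in the post above (not part of the original post): a byte-level simulation in which each routed hop discards the Ethernet header and builds a new one, so the receiving host sees only its gateway's MAC while the source IP is unchanged. All MAC and IP values are constructed sample values, and the payload bytes merely stand in for a TCP segment.

```python
import struct

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def ip(s):
    return bytes(int(p) for p in s.split("."))

def checksum(hdr):
    """Ones'-complement checksum over a 20-byte IPv4 header (RFC 1071)."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, ttl, payload_len):
    # ver/IHL, TOS, total length, id, flags/frag, TTL, proto 6 (TCP), checksum 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, 6, 0, ip(src), ip(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def frame(dst_mac, src_mac, packet):
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + packet  # EtherType IPv4

def route(frm, out_src_mac, out_dst_mac):
    """One routed hop: drop the old L2 header, decrement TTL, re-frame."""
    hdr = bytearray(frm[14:34])
    hdr[8] -= 1                      # TTL
    hdr[10:12] = b"\x00\x00"         # zero checksum before recomputing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return frame(out_dst_mac, out_src_mac, bytes(hdr) + frm[34:])

def observed(frm):
    """What the receiving host can read: (source MAC, source IP, TTL)."""
    src_mac = ":".join("%02x" % b for b in frm[6:12])
    return src_mac, ".".join(str(b) for b in frm[26:30]), frm[22]

def demo():
    # Constructed sample values: documentation IPs, locally administered MACs.
    payload = b"EHLO client.example\r\n"  # stand-in for the TCP segment
    f = frame("02:00:00:00:aa:01", "02:00:00:00:00:01",   # sender -> its router
              ipv4_header("198.51.100.23", "203.0.113.25", 64, len(payload)) + payload)
    f = route(f, "02:00:00:00:bb:01", "02:00:00:00:cc:01")  # ISP hop -> gateway WAN
    f = route(f, "02:00:00:00:00:fe", "02:00:00:00:00:19")  # gateway LAN -> mail server
    return f

if __name__ == "__main__":
    print(observed(demo()))
```

The sender's MAC (02:00:00:00:00:01) is gone after the first hop; the mail server can match only on fields that survive routing, such as the source IP.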