router acl on mac address

Posted by tg on October 9, 2008, 5:59 pm


Cisco router 2651XM with wic-adsl card (Dialer0)
IOS = c2600-adventerprisek9-mz.124-2.T.bin

I'm given to understand it is possible to filter traffic based on MAC
address. I've been trawling Google but I can't find the syntax I'm
looking for. At the moment all my router traffic on port 25 is
unfiltered.
My router socket f0/1 ip is set at 192.168.1.100 and the router is
currently configured to forward all port 25 (smtp) traffic through f0/1
to my computer set at 192.168.1.101 thus:
ip nat inside source static tcp 192.168.1.101 25 interface Dialer0 25
(pretty straightforward)
and the firewall is set to allow smtp traffic through with:
access-list 105 permit tcp any any eq smtp
But I'd like to filter the port 25 (smtp) traffic by permitting only MAC
addresses I specify. All other traffic is to be unaffected. The MAC
address permission is to only apply to port 25 (smtp) traffic.
Is this possible? Any CLI examples satisfying the above would be
appreciated.








Posted by Doug McIntyre on October 9, 2008, 7:08 pm


>Cisco router 2651XM with wic-adsl card (Dialer0)
>IOS = c2600-adventerprisek9-mz.124-2.T.bin

>I'm given to understand it is possible to filter traffic based on mac
>address. I've been trawling google but I can't find the syntax I'm
>looking for. At the moment all my router traffic on port 25 is
>unfiltered....


It's only possible to filter based on MAC address for a bridge setup.

General routing does not allow you to filter based on MAC address.



Posted by Peter on October 9, 2008, 9:47 pm


Greetings,

> I'm given to understand it is possible to filter traffic based on mac
> address. I've been trawling google but I can't find the syntax I'm
> looking for.

There are at least 2 things you need to consider -

As a MAC is a Layer 2 component -
1. MAC ACLs are written in the 7xx (i.e. Layer 2) series numbering
format (i.e. 701, 702, etc.).
2. A router interface normally operates at Layer 3 (i.e. as a routed
interface). You need to operate the interface in Layer 2 mode, and
one way to do that is to BRIDGE it to something else. However this can
bite you as bridging can impact on performance. You can ensure maximum
throughput by linking the bridge to a BVI to provide a routed
interface and therefore maximising the bridge performance.

Cheers................pk.



--
Peter from Auckland.
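
A sketch of the arrangement described in the reply above, added here as an example (it is not part of Peter's post or of anyone's running config): Fa0/1 joins a bridge group that carries a 7xx MAC list, and a BVI takes over the routed address. The bridge-group number and the MAC address are constructed placeholders, and moving `ip nat inside` to the BVI is an assumption based on the NAT rule in the original question.

```cisco
! Enable integrated routing and bridging so a bridge group can also route IP
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! 48-bit MAC address list (700-799 range): address, then wildcard mask.
! 0000.5e00.5301 is a constructed placeholder for the permitted host.
access-list 701 permit 0000.5e00.5301 0000.0000.0000
! Explicit form of the implicit deny that ends every list
access-list 701 deny 0000.0000.0000 ffff.ffff.ffff
!
! The physical port becomes a Layer 2 member of the bridge group
interface FastEthernet0/1
 no ip address
 bridge-group 1
 ! Checks the source MAC of frames arriving on this port
 bridge-group 1 input-address-list 701
!
! The BVI is the routed (Layer 3) face of bridge group 1
interface BVI1
 ip address 192.168.1.100 255.255.255.0
 ! Assumption: NAT inside role moves here from Fa0/1
 ip nat inside
```

The 7xx list matches the source MAC of every frame entering Fa0/1, so it applies to all traffic from that LAN segment rather than only to TCP port 25.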

Posted by tg on October 10, 2008, 1:49 pm



> Greetings,
<snip>
>. You need to operate the interface in Layer 2 mode, and
> one way to do that is to BRIDGE it to something else. However this can
> bite you as Bridging can impact on performance. You can ensure maximum
> throughput by linking the Bridge to a BVI to provide a routed
> interface and therefore maximising the Bridge performance.

So when you say bridge do you mean I have to connect my router to
another hardware device?



Posted by Doug McIntyre on October 10, 2008, 2:46 pm



>> Greetings,
><snip>
>>. You need to operate the interface in Layer 2 mode, and
>> one way to do that is to BRIDGE it to something else. However this can
>> bite you as Bridging can impact on performance. You can ensure maximum
>> throughput by linking the Bridge to a BVI to provide a routed
>> interface and therefore maximising the Bridge performance.

>so when you say bridge do you mean I have to connect my router to
>another hardware device?

Bridging turns off any smarts in your router, it will just pass
traffic in and push traffic right back out. It's most likely not what
you are looking to do.

In general, MAC filtering isn't that useful. What are you trying to
accomplish anyway?

