Cisco MAC filter for Ethernet?

mlebel

Hello,

I own a Cisco 1811 router. There is no built-in Wi-Fi feature on the router and I do not use Wi-Fi in my network.

I would like to configure the router with a "MAC filter" for all Ethernet connections, like Linksys routers do to permit Wi-Fi connections.

I would like to deny all, and permit specific clients using their MAC. There's no problem for me to allow each switch in the network + clients.

I think I can accomplish this using the NAC function of the router, but I would have to use a RADIUS server and I would like to avoid that. There are only 12 clients in the network.

Thanks for helping.
 
ACLs

From my 1720.
access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
dynamic-extended Extend the dynamic ACL absolute timer

So an example would be:
access-list 700 per 001c.baba.ca1b 0000.0000.0000
 
Thanks for the answer, but it's my first time with a Cisco router here.

Using SDM, I go to configure / firewall and ACL / Edit Firewall and ACL policy and then I have to select a direction

Or

Additional Tasks / ACL Editor
  • Access Rules
  • NAT Rules
  • IPSec Rules
  • NAC Rules
  • Qos Rules
  • Unsupported Rules
  • Externally-defined Rules
  • SDN Default Rules

I'm not sure where to go
 
I don't know much about the GUI. But I would assume access list is where you need to go...
 
There are lots of features that the GUI does not support. You're going to have to go into the command line and enter the access list just as xeon711 showed.

telnet <router IP>

You may need to enter a user ID and password or just a password depending on how it's configured. I am assuming that you have a user ID and password that will put you right into privileged mode. Once there do the following:

RouterName# config terminal
RouterName(config)# access-list 700 per 001c.baba.ca1b 0000.0000.0000

Replace the "001c.baba.ca1b 0000.0000.0000" with real MAC addresses.

Type in "exit" twice when you're done.

Oh yeah..."wr mem" when you're done to save the changes.
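
Added example, not part of any post in this thread: a Python script that turns a client inventory into the `access-list 700` lines described above, normalizing common MAC notations to Cisco's dotted format and skipping malformed or multicast entries. The sample inventory and the function names are constructed for illustration.

```python
import re

# Constructed sample inventory (not from the thread): MACs as copied from
# ipconfig/ifconfig output and device labels, in mixed notations.
SAMPLE_INVENTORY = """
00-1C-BA-BA-CA-1B   # Windows notation
00:1c:ba:ba:ca:1c   # Unix notation
001c.baba.ca1d      # already Cisco notation
00:1C:BA:BA:CA:1B   # duplicate of the first entry
01:00:5e:00:00:01   # multicast, not a host address
00:1c:ba:ba:ca      # truncated
"""

def to_cisco_mac(text):
    """Return the MAC as lowercase xxxx.xxxx.xxxx, or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    # The low bit of the first octet marks group (multicast/broadcast) addresses.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group address, not a single host: {text!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def build_mac_acl(inventory, acl_number=700):
    """Return (config_lines, rejected) for a 48-bit MAC address access list."""
    if not 700 <= acl_number <= 799:
        raise ValueError("48-bit MAC address access lists are numbered 700-799")
    lines, rejected, seen = [], [], set()
    for raw in inventory.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            mac = to_cisco_mac(entry)
        except ValueError as err:
            rejected.append(str(err))
            continue
        if mac not in seen:
            seen.add(mac)
            # Mask 0000.0000.0000 matches exactly this one address.
            lines.append(f"access-list {acl_number} permit {mac} 0000.0000.0000")
    return lines, rejected

if __name__ == "__main__":
    config, problems = build_mac_acl(SAMPLE_INVENTORY)
    print("\n".join(config))
    for p in problems:
        print("! skipped:", p)
```

Review the skipped entries before pasting the generated lines into the router, since a client missing from the list is dropped by the ACL's implicit deny.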
 
Don't you think MAC filtering is a little bit weak in terms of security? I still don't know why people use it; it is quite simple to crack (i.e. just run a decent network scan and look at the MAC addresses of the source).
 