[c-nsp] Blocking a Mac address at a router interface
Gert Doering
gert at greenie.muc.de
Thu Sep 23 11:47:13 EDT 2004
Hi,
On Thu, Sep 23, 2004 at 08:55:49AM -0600, Chris Moore - GMD wrote:
> I have a branch office served by a 1721 router. I have a guy there with his
> own laptop that he keeps connecting to the network against company policy,
> changing his IP to evade filters. I know, we should just fire the guy, but
> company politics, not my decision, etc,etc.......Anyhoo, how can I block his
> mac at the 1721's Ethernet interface? Unfortunately the cheapo switch in
> place fails to provide adequate port security.
I've had that problem in the past (hosting customer being hacked, and
(ab-)using lots of IP addresses that don't belong to that server).
I have not been able to find a way to do what you want.
Filtering by MAC address is possible in bridging mode, but does not seem
to be possible in IP routing mode (on "router" platforms, at least).
gert
--
Gert Doering
Mobile communications ... right now writing from * RIPE49 @ Manchester *
More information about the cisco-nsp
mailing list