>Yes, I do have a goal in mind. I just purchased some wireless equipment and >would like to restrict the MAC addresses allowed in. 40 bit encryption is >not good enough for the paranoid like me. It seems the network name is >advertised. To me, that security really sucks.
OK. I'll assume the filter is at the ingress switch, and you want to use the source address as a safeguard. First, let's review the command: access-list access-list-number {permit | deny} address mask 700-799 what confuses some people is the address is the 48-bit MAC address and the mask is also 48 bits. Otherwise, the masking logic is just like an IP access list. Let's say you want to permit all sources with the Cisco manufacturer code 00000c (there are others). You don't care what the other 24 bits are. Therefore, your access list rule would be access-list 700 permit 0000.0c00.0000 0000.00FF.FFFF You could have an access-list rule for each device, with a 0000.0000.0000 mask. Think long and hard about how you would maintain that > >Besides, it's another challenge. Next, maybe a VPN tunnel. :-) > >Ken > >>>> "Howard C. Berkowitz" 11/15/01 02:24PM >>> >>I am wanting to configure a mac-address filter on my switch but need some >>help. Has anyone done this? >> >>Thanks. >> >>Ken > >Well, yes. But to coin a phrase, and to put it into a better context, >what problem are you trying to solve? I find people learn better >when they have a goal in mind, then look at configuration >alternatives and how they relate to the problem. > >Howard Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26440&t=26398 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]