>Yes, I do have a goal in mind.  I just purchased some wireless equipment and
>would like to restrict the MAC addresses allowed in.  40 bit encryption is
>not good enough for the paranoid like me.  It seems the network name is
>advertised.  To me, that security really sucks.

OK.  I'll assume the filter is at the ingress switch, and you want to 
use the source address as a safeguard.

First, let's review the command:

access-list access-list-number {permit | deny} address mask
                700-799

What confuses some people is that the address is the 48-bit MAC 
address and the mask is also 48 bits. Otherwise, the masking logic is 
just like an IP access list.

Let's say you want to permit all sources with the Cisco manufacturer 
code 00000c (there are others). You don't care what the other 24 bits 
are.

Therefore, your access list rule would be

access-list 700 permit 0000.0c00.0000 0000.00FF.FFFF

You could have an access-list rule for each device, with a 
0000.0000.0000 mask. Think long and hard about how you would maintain 
that.



>
>Besides, it's another challenge.  Next, maybe a VPN tunnel.  :-)
>
>Ken
>
>>>>  "Howard C. Berkowitz"  11/15/01 02:24PM >>>
>>I am wanting to configure a mac-address filter on my switch but need some
>>help.  Has anyone done this?
>>
>>Thanks.
>>
>>Ken
>
>Well, yes. But to coin a phrase, and to put it into a better context,
>what problem are you trying to solve?  I find people learn better
>when they have a goal in mind, then look at configuration
>alternatives and how they relate to the problem.
>
>Howard
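
The wildcard-mask matching described in the reply above, as an added example that is not part of the original thread: it evaluates a source MAC against a 700-series list the way an IP access list is evaluated (first match wins, implicit deny at the end). Function names are hypothetical and the two per-device addresses in list 701 are constructed samples.

```python
# Added illustration: models how a 700-series (48-bit MAC) access list matches.
ALL_BITS = 0xFFFFFFFFFFFF

def parse_mac(text):
    """Convert Cisco dotted notation (e.g. 0000.0c00.0000) to a 48-bit integer."""
    digits = text.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"expected 12 hex digits, got {text!r}")
    return int(digits, 16)

def parse_rule(line):
    """Parse 'access-list <700-799> {permit|deny} <address> <mask>'."""
    keyword, number, action, address, mask = line.split()
    if keyword != "access-list" or not 700 <= int(number) <= 799:
        raise ValueError(f"not a 700-series access-list line: {line!r}")
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line!r}")
    return action, parse_mac(address), parse_mac(mask)

def evaluate(rules, source_mac):
    """Return the action of the first matching rule, or the implicit deny."""
    src = parse_mac(source_mac)
    for action, address, mask in rules:
        care = ~mask & ALL_BITS  # mask bit 1 = ignore, mask bit 0 = must match
        if (src & care) == (address & care):
            return action
    return "deny"  # assumption carried over from IP access lists: implicit deny

def addresses_matched(rule):
    """How many distinct source MACs a single rule matches."""
    _, _, mask = rule
    return 2 ** bin(mask).count("1")

# The OUI-wide rule from the reply.
OUI_LIST = [parse_rule("access-list 700 permit 0000.0c00.0000 0000.00FF.FFFF")]

# Per-device alternative with an all-zero mask (constructed sample addresses).
HOST_LIST = [
    parse_rule(f"access-list 701 permit {mac} 0000.0000.0000")
    for mac in ("0000.0c12.3456", "0000.0c65.4321")
]

if __name__ == "__main__":
    for mac in ("0000.0c12.3456", "0000.0c99.0001", "0010.7b12.3456"):
        print(mac, "list 700:", evaluate(OUI_LIST, mac),
              "| list 701:", evaluate(HOST_LIST, mac))
    print("sources matched by the OUI rule:", addresses_matched(OUI_LIST[0]))
```

The OUI rule accepts every source address under that manufacturer code, while the per-device list accepts only the addresses entered, which is the maintenance trade-off raised in the reply.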




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26440&t=26398