Re: Mac Layer access list [7:48324]
Dennis Laganiere wrote: > Here's what I'm trying to do: I've got a wireless access point that lets > just anybody join. I want to put a router upstream to block all but a > limited number of pre-defined MAC addresses. Any thoughts? http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/ibm_r/brprt1/brtb.htm#xtocid2 They work only when the box is *bridging* between the interfaces. Been there, done that. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48327&t=48324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mac Layer access list [7:48324]
I have tried this before, but no results. Tha MAC access lists can be used in two cases: -When you are bridging - When using CAR HTH, Hamid ""Dennis Laganiere"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I looked through the CCO, the groupstudy archive and my stack of cisco press > books, but I can't find any information about setting up an ACL for MAC > addresses. Has anybody done it before? > > Here's what I'm trying to do: I've got a wireless access point that lets > just anybody join. I want to put a router upstream to block all but a > limited number of pre-defined MAC addresses. Any thoughts? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48329&t=48324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mac Layer access list [7:48324]
I believe that this functionality can be implented in the access point itself. Probably depends on how feature-rich the AP is, however. I believe the Cisco units can do this. -- Jeff Harris - Cisco/Unix Engineer CCNP - Cisco Certified Network Professional On Mon, Jul 08, 2002 at 06:03:50PM +, Dennis Laganiere wrote: > I looked through the CCO, the groupstudy archive and my stack of cisco press > books, but I can't find any information about setting up an ACL for MAC > addresses. Has anybody done it before? > > Here's what I'm trying to do: I've got a wireless access point that lets > just anybody join. I want to put a router upstream to block all but a > limited number of pre-defined MAC addresses. Any thoughts? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48330&t=48324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Mac Layer access list [7:48324]
As others have pointed out, having your upstream router act as a bridge is your best bet. Out of curiosity, what brand of access point is involved? If you haven't yet, you may want to see if the vendor has an updated firmware available for download that includes the option for the AP to filter by source mac. Hal > -Original Message- > From: Dennis Laganiere [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 2:04 PM > To: [EMAIL PROTECTED] > Subject: Mac Layer access list [7:48324] > > > I looked through the CCO, the groupstudy archive and my stack > of cisco press > books, but I can't find any information about setting up an > ACL for MAC > addresses. Has anybody done it before? > > Here's what I'm trying to do: I've got a wireless access > point that lets > just anybody join. I want to put a router upstream to block all but a > limited number of pre-defined MAC addresses. Any thoughts? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48333&t=48324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mac Layer access list [7:48324]
I think you could do what you want by using the rate-limit command (CAR) with a mac acl. Just give the mac addresses you want blocked "0" bandwidth and they're finished! Enjoy! JR ""Dennis Laganiere"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I looked through the CCO, the groupstudy archive and my stack of cisco press > books, but I can't find any information about setting up an ACL for MAC > addresses. Has anybody done it before? > > Here's what I'm trying to do: I've got a wireless access point that lets > just anybody join. I want to put a router upstream to block all but a > limited number of pre-defined MAC addresses. Any thoughts? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48334&t=48324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mac Layer access list [7:48324]
On Mon, 8 Jul 2002, Jeff Harris wrote: > I believe that this functionality can be implented in the access point > itself. Probably depends on how feature-rich the AP is, however. I believe > the Cisco units can do this. It most certainly can, but obviously not on the AP that Dennis is using. I recently setup MAC address filtering on a Belkin Wireless Access Point, and it works a treat. Although, seeing as Belkin wireless products are all that I have had exposure to, I cannot vouch for other vendors. > Jeff Harris - Cisco/Unix Engineer > CCNP - Cisco Certified Network Professional > On Mon, Jul 08, 2002 at 06:03:50PM +, Dennis Laganiere wrote: > > I looked through the CCO, the groupstudy archive and my stack of cisco > press > > books, but I can't find any information about setting up an ACL for MAC > > addresses. Has anybody done it before? > > > > Here's what I'm trying to do: I've got a wireless access point that lets > > just anybody join. I want to put a router upstream to block all but a > > limited number of pre-defined MAC addresses. Any thoughts? Ashley -- Ashley Reynolds [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48337&t=48324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Mac Layer access list [7:48324]
My intention is to buy an Aeronet 1200, which I believe will have much of this functionality built in. For the initial testing I'm using an old Lucent (Orinoco) access point that I had in my desk from the last time I played with 802.11b two years ago. Since I've long since lost the cable and documentation I haven't been very successful getting a console session to make any changes (if anybody knows the cable pinout and console settings, let me know). I can easily filter based on static IP addresses, but MAC addresses would be better because it would make it that much more difficult to hack. By the way, even once I get the Areonet AP, the principle security tool is 128-bit WEP. The problem here is that WEP only offers encryption, not authentication or other security features; and It's already known to have been hacked - so the access list would still be nice as an extra layer of security. --- Dennis -Original Message- From: Logan, Harold [mailto:[EMAIL PROTECTED]] Sent: Monday, July 08, 2002 12:32 PM To: Dennis Laganiere; [EMAIL PROTECTED] Subject: RE: Mac Layer access list [7:48324] As others have pointed out, having your upstream router act as a bridge is your best bet. Out of curiosity, what brand of access point is involved? If you haven't yet, you may want to see if the vendor has an updated firmware available for download that includes the option for the AP to filter by source mac. Hal > -Original Message- > From: Dennis Laganiere [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 2:04 PM > To: [EMAIL PROTECTED] > Subject: Mac Layer access list [7:48324] > > > I looked through the CCO, the groupstudy archive and my stack > of cisco press > books, but I can't find any information about setting up an > ACL for MAC > addresses. Has anybody done it before? > > Here's what I'm trying to do: I've got a wireless access > point that lets > just anybody join. I want to put a router upstream to block all but a > limited number of pre-defined MAC addresses. Any thoughts? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48349&t=48324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]