Block hosts base on MAC address

tube

Hi,

I configure a DHCP pool on a router. At a moment, any hosts (computers) connect to the router via a switch can receive a dynamic IP address. However, I don't want to give dynamic IP addresses to some hosts based on their MAC addresses. How would I be able to achieve this?

Thank you for your helps.

networker050184

You can set up VLAN access maps to only allow certain traffic on the VLAN. Just use a mac address access list to allow or deny the macs that you want to communicate on that VLAN.

tube

Hello networker050184, thank you for your reply.

That is pretty much what I wanted, but unfortunately I don't have equipment such as switch 3550 in hand. So I can't do much thing about.

Again, thank you.

tube

I have a switch 2950, I am able to create a mac access-list but I can't find the mac access-group command on any fast ethernet interface or VLAN, so that I can apply the access-list to the interface. I am using IOS version 12.1(9)EA1.

networker050184

You use the vlan access-map name global config command to creat the access map. Then you match it to the ACL and specify the desired option. Look at this link for configuration http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html which was the first link that came up from google. Remeber google is your friend!!! Even more the Cisco site is your friend!!!

tube

Thank you networker050184!

I often do a google search and try to learn and do it on my own before I come over here to ask when I am really stuck.

I always have a feeling that you guys in here are lot better and quicker than the search engine can give me, you have a well networking knowledge and can response to a specific question! And I don't think I will ever be able to catch up!!!

Again, thank you and have a great day!

networker050184

Hey don't worry everyone starts at the bottom. Just don't be one of the ones who stay there. As long as you keep learning you will be good.