Block devices based on MAC address
11 years 11 months ago #38194
by calvinlemon
Block devices based on MAC address was created by calvinlemon
We have a Cisco ASA 5510 for our firewall. I would like to know how I can block devices based on their MAC address from accessing our network and also getting out to the internet. Basically, if someone brings a WAP into our building and plugs it into our network, I'd like to prevent it from giving them network/internet access. Thanks.
11 years 11 months ago #38195
by chrnxR
the dreams of yesterday are the hopes of today and the reality of tomorrow.
-Robert H. Goddard
Replied by chrnxR on topic Re: Block devices based on MAC address
Hey calvinlemon,
First I'd like to say that in such a case it's always helpful to have a map which shows the network topology. That makes it easier to argue and it often gives us information we can now only guess about.
However, I think blocking the MAC addresses on the firewall wouldn't solve the problem you have explained, since the attackers then still have access to the network, which is imo even worse.
Since I don't have any clue about your topology, here are some common suggestions, plz let me know if it works out for you...
1. Don't patch the ports (patch panel -> switch) you are not going to use.
2. There is a feature called "Port Security" available on many switches. It allows you to create a list of MAC or IP addresses that gain access to a specific port of the switch. In that way you could block unauthorized clients from connecting to the network (in most cases).
Hope this was what you were looking for.
-chrnxR
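The two suggestions in the reply above, written out as a switch configuration. This is an added example, not part of the original posts. It assumes the access switches run Cisco IOS; the interface names and VLAN 999 are placeholders, and shutting unused ports down in config is the logical counterpart to leaving them unpatched.

```cisco
! Added example. Assumes a Cisco IOS access switch.
! Interface names and VLAN 999 are placeholders, not taken from the thread.

! Port with one known device: allow a single MAC address, learn it from
! the first frame seen (sticky), and drop frames from any other address.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Ports nobody uses: place them in an unused VLAN and shut them down,
! so a device plugged into a spare wall jack gets no link at all.
interface range FastEthernet0/10 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Checks to run from privileged EXEC after applying the above:
!   show port-security
!   show port-security interface FastEthernet0/1
!   show port-security address
```

With `violation restrict` the port stays up, frames from other MAC addresses are dropped, and the violation counter seen in `show port-security` increases. The default mode, `shutdown`, puts the port into err-disabled state on the first violation instead.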