deny network access

jas0n

is it possible to deny network access via mac address?

the network currently runs on 2 * 3com switches but tomorrow I'm putting
in a cisco 48 port 2950T

is it possible at the switch level with the new switch? there is
currently just 1 mac address I want to basically ban from the network
(someone's personal laptop who will not listen when told they are not
authorised to plug it in due to company policy ... I have his mac
address from the dhcp logs)

he will be disciplined over behaviour but I want to ensure his laptop
does not work on our network at all.

if not at switch level then at the w2k server level so he doesn't get a
DHCP address .... ?
 
Check the switch documentation, but an alternative could be to set a
DHCP address range of one IP and reserve that for his MAC address.
Make sure that IP can't work in your network scheme (like using
127.0.0.1) and his system won't be on your logical net.

Jeff
 
Hi jason,

That is indeed possible, if you use the following commands:

configure terminal
interface [interface-id]
switchport mode access
switchport port-security
! maximum number of MAC addresses allowed on the port (in your case 1)
switchport port-security maximum [value]
! violation mode, choose one:
!   protect  - when the person tries to log on, his packets are dropped
!   shutdown - the port shuts down; you must then manually enable it again
switchport port-security violation {protect | shutdown}
switchport port-security mac-address [mac-address]
end
copy running-config startup-config

Good luck with it.

Ulbe Daemen
 
> Check the switch documentation, but an alternative could be to set a
> DHCP address range of one IP and reserve that for his MAC address.
> Make sure that IP can't work in your network scheme (like using
> 127.0.0.1) and his system won't be on your logical net.
>
> Jeff

yes, would certainly give him something to think about, but if he created
a static IP at this point he'd still get on ... he knows enough to be
dangerous.
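
Added example, not written by anyone in this thread: a small Python helper that takes the MAC from the DHCP log, converts it to the dotted form the switch uses, finds the port it was learned on (the [interface-id] and [mac-address] values for the port-security commands above), and lists MACs the switch has seen that never requested a lease, which is how a statically addressed host shows up. The log and table excerpts are constructed, and their layouts (Windows DHCP audit log columns, "show mac-address-table" output) are assumptions.

```python
import re

# Constructed sample data (not from the thread). Assumed formats: Windows DHCP
# audit log (ID,Date,Time,Description,IP,Host,MAC) and the switch's
# "show mac-address-table" output. MACs use the IANA documentation range.
DHCP_LOG = """\
10,03/02/04,08:55:10,Assign,192.168.1.40,PC-ACCOUNTS,00005E005301
10,03/02/04,09:14:31,Assign,192.168.1.57,LAPTOP,00005E00531A
11,03/02/04,13:14:31,Renew,192.168.1.57,LAPTOP,00005E00531A
"""
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0000.5e00.5301    DYNAMIC     Fa0/3
   1    0000.5e00.531a    DYNAMIC     Fa0/12
   1    0000.5e00.53ff    DYNAMIC     Fa0/20
"""

def normalize_mac(text):
    """Return 12 lowercase hex digits for any common MAC notation, else None."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def cisco_format(mac):
    """Render a MAC in the dotted form IOS uses (xxxx.xxxx.xxxx)."""
    digits = normalize_mac(mac)
    if digits is None:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def _log_rows(log):
    return [f for f in (l.strip().split(",") for l in log.splitlines()) if len(f) >= 7]

def _table_rows(table):
    # Data rows have exactly 4 columns with a valid MAC; header/ruler rows do not.
    rows = (l.split() for l in table.splitlines())
    return [r for r in rows if len(r) == 4 and normalize_mac(r[1])]

def dhcp_events(mac, log=DHCP_LOG):
    """(time, description, ip) for every audit-log row carrying this MAC."""
    target = normalize_mac(cisco_format(mac))
    return [(f[2], f[3], f[4]) for f in _log_rows(log) if normalize_mac(f[6]) == target]

def switch_ports(mac, table=MAC_TABLE):
    """(vlan, port) pairs where the switch has learned this MAC."""
    target = normalize_mac(cisco_format(mac))
    return [(int(r[0]), r[3]) for r in _table_rows(table) if normalize_mac(r[1]) == target]

def unleased_macs(log=DHCP_LOG, table=MAC_TABLE):
    """MACs seen on the switch but never in the DHCP log (e.g. static IP hosts)."""
    leased = {normalize_mac(f[6]) for f in _log_rows(log)}
    return sorted(cisco_format(r[1]) for r in _table_rows(table)
                  if normalize_mac(r[1]) not in leased)
```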
 