-4

May be a simple answer, but does anyone have an example of an ACL that would prevent certain users (preferably based on MAC address, so that I don't have to deal with static DHCP addressing) from accessing certain devices on the network?

Example: iPad with MAC AA:AA:AA:AA:AA:AA (DHCP assigned address of 10.10.10.54/24 - subject to change)

Need to block access to 10.10.10.5/24

10.10.10.1 is the gateway.

Citizen
wb6vpm

2 Answers

3

Devices in the same subnet don't need a router to access each other. Learn networking basics.

drookie
  • I have many years of corporate and ISP networking, you are correct, it has been a long couple of weeks (not related to this), and my brain just wasn't thinking this through. – wb6vpm Feb 04 '15 at 04:05
1

On a Cisco router with IOS 12.2 or higher:

access-list 700 deny 0800.2000.0000 0000.00FF.FFFF

See the Cisco documentation for access-list(standard-ibm).

Michael Hampton
Citizen
  • 1
    If you're going to make copypasta answers, you could at least try and format them in a sane fashion. – EEAA Feb 03 '15 at 02:49
  • relax, the post got messed up. – Citizen Feb 03 '15 at 03:06
  • ...and you're also posting copyrighted material. – EEAA Feb 03 '15 at 03:07
  • Which is why I cited it..... – Citizen Feb 03 '15 at 03:07
  • It's greatly preferred that you write _your own_ answer, and _link_ to supporting documentation. Simply pasting large blocks of text with the formatting lost isn't very helpful and can be confusing. – Michael Hampton Feb 03 '15 at 03:11
  • Paul, you copy/pasted a large section of copyrighted work. Cisco doesn't care whether or not you cite it. A moderator has cleaned things up on your behalf, so I'd recommend that you leave things as-is unless you're fishing for a ban. – EEAA Feb 03 '15 at 03:12
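
Both answers can be checked against the addresses in the question. The Python below is an added example, not part of any post on this page and not Cisco code. It models the address/mask match of a 700-series entry and tests whether a flow would reach the gateway at all. It assumes first-match evaluation with an implicit deny at the end of the list; the function names and the permit-everything line are constructed for illustration.

```python
import ipaddress

def mac_to_int(mac):
    """Accept Cisco dotted (0800.2000.0000) or colon/hyphen notation."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def parse_entry(line):
    """Parse 'access-list <700-799> {permit|deny} <address> <mask>'."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "access-list":
        raise ValueError(f"unsupported entry: {line!r}")
    number, action = int(parts[1]), parts[2]
    if not 700 <= number <= 799 or action not in ("permit", "deny"):
        raise ValueError(f"not a 48-bit MAC ACL entry: {line!r}")
    return action, mac_to_int(parts[3]), mac_to_int(parts[4])

def evaluate(acl_lines, mac):
    """First matching entry wins; no match falls to the implicit deny."""
    value = mac_to_int(mac)
    for action, address, mask in map(parse_entry, acl_lines):
        care = ~mask & 0xFFFFFFFFFFFF  # mask bits set to 1 are ignored
        if (value & care) == (address & care):
            return action
    return "deny"

def crosses_router(src, dst):
    """False when both hosts share a subnet: frames are switched at layer 2
    and an ACL on the gateway is never consulted."""
    dst_ip = ipaddress.ip_interface(dst).ip
    return dst_ip not in ipaddress.ip_interface(src).network

# Entry from the answer above, plus a constructed permit-everything line.
ACL = [
    "access-list 700 deny 0800.2000.0000 0000.00FF.FFFF",
    "access-list 700 permit 0000.0000.0000 FFFF.FFFF.FFFF",
]

if __name__ == "__main__":
    print(evaluate(ACL, "08:00:20:12:34:56"))   # inside the denied prefix
    print(evaluate(ACL, "AA:AA:AA:AA:AA:AA"))   # the iPad from the question
    print(crosses_router("10.10.10.54/24", "10.10.10.5/24"))
```

For the question's addresses, `crosses_router` returns `False`, so a MAC filter on the 10.10.10.1 gateway would not see iPad-to-10.10.10.5 traffic; the filtering would have to happen on the switch or on the target host.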