
Re: ACLs and MAC addresses

 
andrea vian
Occasional Contributor

ACLs and MAC addresses

Hello!
Is it possible to apply ACLs or filter network traffic on a MAC address basis, i.e., is it possible to lock out unknown machines?
Thanks!
Andrea
5 REPLIES
Ernest Ford
Trusted Contributor

Re: ACLs and MAC addresses

Yes it is possible BUT it depends on the kind of equipment you're using AND your network architecture.

andrea vian
Occasional Contributor

Re: ACLs and MAC addresses

Ernest,
thanks for your reply.
We've got a Procurve 5308XL with software version E.07.27, simple-default configuration and no VLAN.
We have a lot of visiting students' notebooks connecting to the Procurve switch and a win2003 DHCP server leasing IP addresses also connected to the switch.
I'd need to filter IP requests/offers on a MAC address basis, in order to allow access to the LAN only to known students' machines directly connected to the Procurve switch, preventing unknown machines or known machines not directly connected to the switch from getting access to the LAN.
Can you give a schematic idea of things to do and point me in the right direction?
Thanks a lot!
Andrea
Ernest Ford
Trusted Contributor

Re: ACLs and MAC addresses

Configure the server for bootp and not DHCP - it's as easy as checking a single box or selecting a different "radio" button in the DHCP management module - but I'm not near my 2K3 server so I can't be certain which of those it is.

The essential difference between the two is that bootp has to have a list of MAC addresses matched to the IP addresses you want assigned to them. You create this list in the same DHCP management module - look for reservations.


Peter Colsch
Occasional Contributor

Re: ACLs and MAC addresses

The DHCP solution will not keep someone from configuring a static address and plugging into your switch. The 5300XL series "Access Security Guide" outlines in section 9 "Configuring and Monitoring Port Security" how to accomplish this task.

There is a lot of other good info in there as well.

It can be downloaded from ftp://ftp.hp.com/pub/networking/software/59906052.pdf

Peter
Ernest Ford
Trusted Contributor

Re: ACLs and MAC addresses

Quite right Peter - but the request was specifically for a way to filter the "IP requests/offers on a MAC address basis".

Attempts to enforce MAC address restrictions at the switch will limit the use of a switch port to a particular MAC address potentially causing two issues - a given student cannot take his/her notebook from one classroom to the next as well as unused switch ports not being available for use by students that they have not been assigned to.

I have no idea if either of these is a concern in this environment, but it is at my daughter's campus, where access is controlled as I describe.
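The gap Peter points out (a statically addressed machine never talks to the DHCP server) can be audited without binding MACs to ports: compare the MAC addresses the switch has learned against the list of known machines and the DHCP leases. The following is an added example, not code from any poster in this thread; the `show mac-address`-style output layout, the function names and all sample data are assumptions constructed for illustration.

```python
import re

# Accepts 0001e6-b197a8 (switch), 00-01-E6-B1-97-A8 (Windows), 00:01:e6:b1:97:a8
MAC_RE = re.compile(r"[0-9a-f]{2}([-:.]?[0-9a-f]{2}){5}", re.I)

def norm_mac(text):
    """Return 12 lowercase hex digits for a MAC in any common notation, else None."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        return None
    return re.sub(r"[-:.]", "", text).lower()

def parse_switch_table(output):
    """Return {mac: port} from lines of the form '<mac> <port>'; headers are skipped."""
    table = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and (mac := norm_mac(parts[0])):
            table[mac] = parts[1]
    return table

def audit(allowlist, leases, switch_table):
    """List (mac, port, finding) for every learned MAC that is not a known machine."""
    known = {norm_mac(m) for m in allowlist}
    leased = {norm_mac(m) for m in leases}
    findings = []
    for mac, port in sorted(switch_table.items()):
        if mac in known:
            continue
        # No lease: static addressing or a silent device, invisible to DHCP filtering.
        # Lease present: the DHCP server is still serving machines it should refuse.
        kind = "unknown-with-lease" if mac in leased else "unknown-no-lease"
        findings.append((mac, port, kind))
    return findings

# Constructed sample data (assumed layout, documentation IP range).
SWITCH_OUTPUT = """\
  MAC Address   Located on Port
  ------------- ---------------
  0001e6-b197a8 A2
  0013c4-dd14b0 A5
  00a0c9-112233 B7
"""
ALLOWLIST = ["00-01-E6-B1-97-A8"]
LEASES = {"00-01-E6-B1-97-A8": "192.0.2.21", "00:13:c4:dd:14:b0": "192.0.2.57"}

if __name__ == "__main__":
    for mac, port, kind in audit(ALLOWLIST, LEASES, parse_switch_table(SWITCH_OUTPUT)):
        print(f"{kind:20} {mac} on port {port}")
```

Because the check keys on the MAC and only reports the port, a known notebook moved to another classroom port is not flagged.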