MAC Access Control List

**rapiere** · May 4th, 2004, 07:40 PM

I'm trying to implement a MAC Access Control List on our Microsoft LAN.
Can anyone point me in the right direction?

***phishphreek*** · May 4th, 2004, 08:01 PM

What kind of hardware do you use? Specifically, your managed switches.

**rapiere** · May 4th, 2004, 09:36 PM

In our LAN, we're only using unmanaged switches, is there a way to accomplish this via the domain controller w/ dhcp??

***KorpDeath*** · May 4th, 2004, 09:38 PM

Then you need to buy some managed switches.

And to your second question, no, no way that can't be easily bypassed. *cough* static address *cough*

***cacosapo*** · May 4th, 2004, 09:38 PM

could u give us detail about "where" and "why" u want to establish that security? It will be wellcome to allow us to help u.

**rapiere** · May 4th, 2004, 10:37 PM

We're a small startup company we have quite a few people coming in just plugging their laptops into our network. I would like to only authorize people who have their macs on our access control list to be able to get an IP address and connectivity.
Unfortunately we don't have the money to buy a managed switch right now.

***HTRegz*** · May 4th, 2004, 11:01 PM

Hey Hey,

Have you checked out the NetReg Software? We have it implemented here for ITD students running laptops. You have a username and password and plug in your laptop and if it's an unknown MAC address it asks you to login, however each user can only register one PC on the network. It's quite handy software and probably fairly close to what you are looking for. You can check it out @ http://www.netreg.org/

Overview

NetReg is an automated system that requires an unknown DHCP client to register their hardware before gaining full network access. Through a simple web interface, the client is prompted for their user identification. Powerful scripts then retrieve the client's network fingerprint and store it along with the user's information in a database. The database provides administrators with real-time information for troubleshooting and auditing their networks. The entire system was developed utilizing unmodified, open-source servers and in-house developed CGI programs.

Peace,
HT

**gunit0072003** · May 5th, 2004, 07:27 AM

Get yourself a L2 type switch that allows you to configure ACLs based on MAC addresses.

I personally recommend cisco 3550 switch. The 3550 supports L2 and L3 functionality, however for your application/requirement, the L2 is way to go......alot cheaper. I deployed about 500 of them in last 6 month for international bank and they work very nicely..

If your looking for something cheaper, buy the lower model, either the Cisco 1900 or 2900 (although they are discontinued..Cisco no longer supports...works just as well) off Ebay..

Good Luck,,

P.S.
Configuration is straight forward.. All documentation is available on Cisco web site.

**gunit0072003** · May 5th, 2004, 07:27 AM

Get yourself a L2 type switch that allows you to configure ACLs based on MAC addresses.

I personally recommend cisco 3550 switch. The 3550 supports L2 and L3 functionality, however for your application/requirement, the L2 is way to go......alot cheaper. I deployed about 500 of them in last 6 month for international bank and they work very nicely..

If your looking for something cheaper, buy the lower model, either the Cisco 1900 or 2900 (although they are discontinued..Cisco no longer supports...works just as well) off Ebay..

Good Luck,,

P.S.
Configuration is straight forward.. All documentation is available on Cisco web site.

***SirDice*** · May 5th, 2004, 02:27 PM

With these types of switches why not simply turn on port security?

Thread: MAC Access Control List

Thread Tools

Display

MAC Access Control List

Posting Permissions