BLOCK A HOST FROM THE INSIDE

Discussion in 'Cisco' started by vreyesii, Oct 24, 2006.

  1. vreyesii

    vreyesii Guest

    Hello,

    Is there a way to block a host from the inside using only there MAC
    address on a PIX 501?

    Thank You
     
    vreyesii, Oct 24, 2006
    #1
    1. Advertising

  2. vreyesii

    Brian V Guest

    "vreyesii" <> wrote in message
    news:...
    > Hello,
    >
    > Is there a way to block a host from the inside using only there MAC
    > address on a PIX 501?
    >
    > Thank You
    >


    nope, no can do on MAC alone. What you can do tho is make a DHCP reservation
    for that MAC, bind an IP to it, then block that IP.

    access-list inside_block deny ip host X.X.X.X any
    access-list inside_block permit ip any any
    access-group inside_block in interface inside
     
    Brian V, Oct 24, 2006
    #2
    1. Advertising

  3. vreyesii

    vreyesii Guest

    Can you please help me with the DHCP reservation for the MAC address.
    Also, can you help me with the binding of an IP?

    Thank You


    Brian V wrote:
    > "vreyesii" <> wrote in message
    > news:...
    > > Hello,
    > >
    > > Is there a way to block a host from the inside using only there MAC
    > > address on a PIX 501?
    > >
    > > Thank You
    > >

    >
    > nope, no can do on MAC alone. What you can do tho is make a DHCP reservation
    > for that MAC, bind an IP to it, then block that IP.
    >
    > access-list inside_block deny ip host X.X.X.X any
    > access-list inside_block permit ip any any
    > access-group inside_block in interface inside
     
    vreyesii, Oct 24, 2006
    #3
  4. vreyesii

    Guest

    You also have my favourite command, "shun"

    What are you using for the DHCP server ?

    vreyesii wrote:
    > Can you please help me with the DHCP reservation for the MAC address.
    > Also, can you help me with the binding of an IP?
    >
    > Thank You
    >
    >
    > Brian V wrote:
    > > "vreyesii" <> wrote in message
    > > news:...
    > > > Hello,
    > > >
    > > > Is there a way to block a host from the inside using only there MAC
    > > > address on a PIX 501?
    > > >
    > > > Thank You
    > > >

    > >
    > > nope, no can do on MAC alone. What you can do tho is make a DHCP reservation
    > > for that MAC, bind an IP to it, then block that IP.
    > >
    > > access-list inside_block deny ip host X.X.X.X any
    > > access-list inside_block permit ip any any
    > > access-group inside_block in interface inside
     
    , Oct 24, 2006
    #4
  5. vreyesii

    Brian V Guest

    "vreyesii" <> wrote in message
    news:...
    > Can you please help me with the DHCP reservation for the MAC address.
    > Also, can you help me with the binding of an IP?
    >
    > Thank You
    >
    >
    > Brian V wrote:
    >> "vreyesii" <> wrote in message
    >> news:...
    >> > Hello,
    >> >
    >> > Is there a way to block a host from the inside using only there MAC
    >> > address on a PIX 501?
    >> >
    >> > Thank You
    >> >

    >>
    >> nope, no can do on MAC alone. What you can do tho is make a DHCP
    >> reservation
    >> for that MAC, bind an IP to it, then block that IP.
    >>
    >> access-list inside_block deny ip host X.X.X.X any
    >> access-list inside_block permit ip any any
    >> access-group inside_block in interface inside

    >


    Depends on what you are running for a DHCP server, thats where it's done.
     
    Brian V, Oct 24, 2006
    #5
  6. vreyesii

    vreyesii Guest

    I am using a Wireless Router from Belkin as the DHCP server. The
    wireless router is also running NAT.

    Thanks

    wrote:
    > You also have my favourite command, "shun"
    >
    > What are you using for the DHCP server ?
    >
    > vreyesii wrote:
    > > Can you please help me with the DHCP reservation for the MAC address.
    > > Also, can you help me with the binding of an IP?
    > >
    > > Thank You
    > >
    > >
    > > Brian V wrote:
    > > > "vreyesii" <> wrote in message
    > > > news:...
    > > > > Hello,
    > > > >
    > > > > Is there a way to block a host from the inside using only there MAC
    > > > > address on a PIX 501?
    > > > >
    > > > > Thank You
    > > > >
    > > >
    > > > nope, no can do on MAC alone. What you can do tho is make a DHCP reservation
    > > > for that MAC, bind an IP to it, then block that IP.
    > > >
    > > > access-list inside_block deny ip host X.X.X.X any
    > > > access-list inside_block permit ip any any
    > > > access-group inside_block in interface inside
     
    vreyesii, Oct 25, 2006
    #6
  7. vreyesii

    Brian V Guest

    "vreyesii" <> wrote in message
    news:...
    >I am using a Wireless Router from Belkin as the DHCP server. The
    > wireless router is also running NAT.
    >
    > Thanks
    >
    > wrote:
    >> You also have my favourite command, "shun"
    >>
    >> What are you using for the DHCP server ?
    >>
    >> vreyesii wrote:
    >> > Can you please help me with the DHCP reservation for the MAC address.
    >> > Also, can you help me with the binding of an IP?
    >> >
    >> > Thank You
    >> >
    >> >
    >> > Brian V wrote:
    >> > > "vreyesii" <> wrote in message
    >> > > news:...
    >> > > > Hello,
    >> > > >
    >> > > > Is there a way to block a host from the inside using only there MAC
    >> > > > address on a PIX 501?
    >> > > >
    >> > > > Thank You
    >> > > >
    >> > >
    >> > > nope, no can do on MAC alone. What you can do tho is make a DHCP
    >> > > reservation
    >> > > for that MAC, bind an IP to it, then block that IP.
    >> > >
    >> > > access-list inside_block deny ip host X.X.X.X any
    >> > > access-list inside_block permit ip any any
    >> > > access-group inside_block in interface inside

    >


    Don't know anything about Belkin, should be something in the manual if it's
    possible to do the binding. Should be under DHCP reservation.
     
    Brian V, Oct 25, 2006
    #7
  8. vreyesii

    vreyesii Guest

    Thanks a lot for all your help.

    Victor

    Brian V wrote:
    > "vreyesii" <> wrote in message
    > news:...
    > >I am using a Wireless Router from Belkin as the DHCP server. The
    > > wireless router is also running NAT.
    > >
    > > Thanks
    > >
    > > wrote:
    > >> You also have my favourite command, "shun"
    > >>
    > >> What are you using for the DHCP server ?
    > >>
    > >> vreyesii wrote:
    > >> > Can you please help me with the DHCP reservation for the MAC address.
    > >> > Also, can you help me with the binding of an IP?
    > >> >
    > >> > Thank You
    > >> >
    > >> >
    > >> > Brian V wrote:
    > >> > > "vreyesii" <> wrote in message
    > >> > > news:...
    > >> > > > Hello,
    > >> > > >
    > >> > > > Is there a way to block a host from the inside using only there MAC
    > >> > > > address on a PIX 501?
    > >> > > >
    > >> > > > Thank You
    > >> > > >
    > >> > >
    > >> > > nope, no can do on MAC alone. What you can do tho is make a DHCP
    > >> > > reservation
    > >> > > for that MAC, bind an IP to it, then block that IP.
    > >> > >
    > >> > > access-list inside_block deny ip host X.X.X.X any
    > >> > > access-list inside_block permit ip any any
    > >> > > access-group inside_block in interface inside

    > >

    >
    > Don't know anything about Belkin, should be something in the manual if it's
    > possible to do the binding. Should be under DHCP reservation.
     
    vreyesii, Oct 25, 2006
    #8
  9. vreyesii wrote:
    > Hello,
    >
    > Is there a way to block a host from the inside using only there MAC
    > address on a PIX 501?


    May I ask the reason for especially blocking a specific host from
    inside? You are aware of the fact that a MAC address can be easily
    spoofed?

    Michael
     
    Michael Meckelein, Oct 25, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jonnah
    Replies:
    1
    Views:
    1,312
    mcaissie
    Apr 21, 2004
  2. Brian

    Block by Posting Host

    Brian, Sep 10, 2003, in forum: MCSE
    Replies:
    6
    Views:
    564
    Maestro
    Sep 11, 2003
  3. JoelSeph
    Replies:
    9
    Views:
    6,800
    JoelSeph
    Jan 23, 2006
  4. Jojo the 90lb hottie

    Dane Cook: Great S.N.L. host or GREATEST S.N.L. host?

    Jojo the 90lb hottie, Feb 14, 2007, in forum: Digital Photography
    Replies:
    1
    Views:
    684
    Flash Bazbo
    Feb 14, 2007
  5. Replies:
    3
    Views:
    6,397
    Trendkill
    Apr 15, 2008
Loading...

Share This Page