We have many Cisco routers that are connected via various means (VPN, PRN, Frame, etc) to customer networks.
Typically at these locations, we will just connect directly to their firewall, or we will have a dual-NIC'd server at their location that we will connect to one NIC of.
What I want to be able to do is secure FE0/0 down so that ONLY the MAC address of the trusted device can communicate with that router.
What I want to prevent is someone at that unsecured location unplugging the Ethernet cable from their device and plugging it directly into a laptop. I just want to close the security hole as much as possible.
We do not do any bridging on our network, OSPF routing of IP only.
Is there an ACL that I can use for this? I see that ACLs 700 and 1100 can be used, but it appears as though you have to turn bridging on.
Basically I want to be able to set up a MAC address security table on the routers and have the router ONLY acknowledge that traffic.