Block devices based on MAC address
5 years 7 months ago #38194
We have a Cisco ASA 5510 for our firewall. I would like to know how I can block devices based on their MAC address from accessing our network and also getting out to the internet. Basically, if someone brings a WAP into our building and plugs it into our network, I'd like to prevent it from giving them network/internet access. Thanks.
Re: Block devices based on MAC address
5 years 7 months ago #38195
First I'd like to say that in such a case it's always helpful to have a map which shows the network topology. That makes it easier to argue and it often gives us information we can now only guess about.
However, I think blocking the MAC addresses on the firewall wouldn't solve the problem you have explained, since the attackers then still have access to the network, which is IMO even worse.
Since I don't have any clue about your topology, here are some common suggestions; please let me know if it works out for you...
1. Don't patch the ports (patch panel -> switch) you are not going to use.
2. There is a feature called "Port Security" available on many switches. It allows you to create a list of MAC or IP addresses that gain access to a specific port of the switch. In that way you could block unauthorized clients from connecting to the network (in most cases).
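
The two suggestions above, written out as switch configuration. This is an added example, not part of the original reply, and it assumes the access switches are Cisco Catalyst models running IOS (the thread only names the ASA); the interface numbers are constructed placeholders.

```cisco
! Added example: assumes a Cisco IOS access switch. Interface numbers are
! placeholders; adjust them to the real port layout.
!
! Suggestion 1: ports that are not in use are administratively shut down,
! so plugging a device into a spare wall jack gives no link at all.
interface range GigabitEthernet0/13 - 24
 description UNUSED - disabled
 shutdown
!
! Suggestion 2: port security on a port that serves one known workstation.
interface GigabitEthernet0/1
 description User workstation
 ! Port security only works on a static access (or trunk) port.
 switchport mode access
 switchport port-security
 ! Allow a single source MAC. A bridging access point forwards the MACs of
 ! its wireless clients, so a second MAC on the port is a violation.
 switchport port-security maximum 1
 ! Learn the first MAC seen and write it into the running configuration,
 ! instead of typing every address by hand.
 switchport port-security mac-address sticky
 ! On violation, put the port into err-disabled state and log it.
 ! "restrict" would drop the offending frames and count them but keep
 ! the port up.
 switchport port-security violation shutdown
!
! Verification from privileged EXEC mode:
!   show port-security interface GigabitEthernet0/1
!   show port-security address
```

Sticky addresses live in the running configuration, so they are lost at reload unless the configuration is saved. A device that presents the authorized MAC address still passes, which matches the "in most cases" caveat in the reply.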