Filtering and Monitoring via Mac-Address

Hi everyone.
Is it possible to filter and monitor a user's device via it's mac-add?
For example, I want to filter facebook and youtube in our company. I also want to have a status report regarding which mac-addresses are attempting to go into the sites that I have blocked.
Is this feasible?
Thanks in advance.

A lot depends on what systems you have and are using; but generally not directly (assuming basic systems and tools). You'd have to correlate logs and arp tables etc.
Advanced solutions such as ISE can do this but that's a much bigger discussion.

Similar Messages

  • Is it possible to add a second monitor via mac mini with iMac

    Hi
    is it possible to add a second monitor via mac mini with iMac
    or is there another solution?
    all i want to know is if i can run a second monitor or link a mac mini for more speed like i heard you can with the G5 Towers.

    The iMac will allow you to connect a second monitor but that monitor will show the same thing as the iMac's built-in screen.
    You can network a Mac mini and iMac via Ethernet or Firewire.
    Software load sharing like Xgrid can allow you to share work between the Macs.

  • Restricting access via MAC address?

    Hello,
    Could someone please tell me how to restrict access to my wireless network (and internet sharing) by only allowing computers with a certain MAC address to join?
    I'm kinda stumbling around here
    Thanks,
    Jonny

    Sorry if I wasn't being specific enough...
    I have my eMac set up as a Software Base Station, which streams internet & Airtunes to an Airport Express. I have it set up this way, because my ADSL modem is connected via USB (so it's a bit of a workaround). As a result, I have Internet Sharing switched on, so I can access it from all my other macs.
    What I want to do is to stop other people from accessing my eMac's internet connection. If I set up a WEP password for Internet Sharing, I lose my Airtunes facility... so I was thinking another way might be to restrict access to the connection via MAC address. I only want my other airport card-equipped macs to access the internet connection and network generally.
    Surely it's possible?

  • DHCP via Mac Address

    I have a Cisco 831 router. I am handing out DHCP to my network via the router
    ip dhcp pool HmPrivate
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    dns-server 192.168.1.20
    domain-name hmprivate.net
    What I am trying to do is assign the same ip address to my laptop via DHCP by associating the mac address of the laptop to the DHCP ip address. This is easily done on a windows server.
    I have not been able to figure it out on this router though. I have looked at the commands under the pool as well as in config mode. Nothing is jumping out at me.
    Any assistance is greatly appreaciated!

    Ok I powered up my laptop got an ip address from the rtr of 192.168.1.21. On the router i did a sh arp to get my hardware address of 0015.0025.60aa. I then created the new DHCP pool for the static entry. From my windows laptop i do an ipconfig / release then a ipconfig / renew. I keep getting the 192.168.1.21 address and not the 192.168.1.13 address that I want.
    Am I missing something really simple here? Why wont the laptop grab the 192.168.1.13 address?
    ip dhcp pool HmLaptop
    host 192.168.1.13 255.255.255.0
    hardware-address 0100.1500.2560.aa
    default-router 192.168.1.1
    dns-server 192.168.1.20
    client-name dhopewell2
    Here is a list of all DHCP pools on my router.
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.10
    ip dhcp excluded-address 192.168.1.250 192.168.1.254
    ip dhcp excluded-address 192.168.50.1 192.168.50.100
    ip dhcp excluded-address 192.168.24.1 192.168.24.100
    ip dhcp pool HmPrivate
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    dns-server 192.168.1.20
    ip dhcp pool HmWK
    network 192.168.24.0 255.255.255.0
    default-router 192.168.24.1
    dns-server 10.0.101.12 10.0.101.13
    option 150 ip 10.200.1.50 10.200.1.51
    ip dhcp pool vlan10
    network 192.168.50.0 255.255.255.0
    default-router 192.168.1.1
    dns-server 192.168.50.20
    ip dhcp pool HmLaptop
    host 192.168.1.13 255.255.255.0
    hardware-address 0100.1500.2560.aa
    default-router 192.168.1.1
    dns-server 192.168.1.20
    client-name dhopewell2

  • Restrict printing via MAC address

    I am currently using Mac OS 10.2 server and now we are considering upgrading to 10.4 because of better printer servers. We don't current use the server software for printer serves. We would like to have the ability to restrict printing to the printer via the computers MAC address. Is this possible via server 10.4?
    Thanks in advance
    Jason
    PowerG4 dual G4 - 400mhz   Mac OS X (10.2.x)   OS 10.2 server

    You could use the firewall to block certain IP addresses from printing.
    You can ensure certain computers receive consistent IP adddresses via DHCP using Server Admin > DHCP > Settings > Static Maps which depends on MAC addresses.
    hth,
    b.

  • Wireless connects via MAC address, but not with essid.

    I have an eee 901 using the zeneee901 kernel. I got wireless to work out of the box to an extent. This will probably be easier to exlain just posting the commands.
    ifconfig ra0 up
    iwlist ra0 scan
    iwconfig ra0 essid *essid here*
    dhcpcd ra0
    TIMEOUT GOES HERE
    iwconfig ra0 ap MACADDRESS
    dhcpcd ra0
    Connected!
    This wouldn't be so bad except I can'tuse Wicd. This was happening way before I installed Wicd btw.
    What's the deal?

    R00KIE wrote:The way you do it I don't know, but in wicd you can select an option to associate by essid instead of mac address and it works fine for me.
    Someone else might be able to answer your question. Maybe you can consider using another network connection manager, would makes things easier. Although knowing why it doesn't work is also good
    That's good, but I can't find that option. Where is it?

  • Route and bridge one mac address

    Hello,
    I have a particular problem: on a router with one in and one out interface, i want to route all traffic, but i want to bridge one specific well-known MAC address. I wonder if this is possible. On a cisco router, I can do IRB, but each interface is either routed or bridged, but not mixed.
    I am sure it will work if i put a switch before and after the router and connect the router with double interfaces: 2 inbound and 2 outbound. Then route on one pair of interfaces and on the second pair of interfaces, bridge the interfaces with a bridge MAC address filter. However, i wonder if it can be done on less interfaces (2 or 3)....
    regards,
    Geert

    Hello Geert,
    Maybe bridging sub-interfaces? Might work, i have not tried myself to be honest and am no expert in bridging with router interfaces. I think config would look something like this...
    conf t
    bridge irb
    interface e0/0.100
    encapsulation dot1q 100 native
    bridge-group 100
    interface e0/1.100
    encapsulation dot1q 100 native
    bridge-group 100
    exit
    bridge 100 protocol ieee
    bridge 100 bridge ip
    bridge 100 route ip
    bridge 100 address H.H.H [Where H.H.H is mac address you want to bridge]
    hth
    Bilal
    CCIE #45032

  • How to assign static ip via mac address on LINKSYS WRT54G2

    ? how do i assign an ip per mac address with this router? i can't seem to find the option and its becoming a real pain
    on my buffalo router i can paste a mac address and assign and ip for each mac on my network

    The feature that you are looking for is called "DHCP reservation".  This feature is not available on the WRT54G2.  Several of the newer Linksys wireless n routers support this feature.
    You can assign your computer a fixed (static) LAN IP address, however, you will need to do it manually.  Linksys has some very specific rules about assigning fixed LAN IP addresses.  Be sure to follow them carefully.
    Rules for using fixed LAN IP addresses on Linksys routers:
    With Linksys routers, a fixed (static) LAN IP addresses must be assigned in the device that is using the address. So you need to enter the fixed address in the computer or printer, not in the router.
    When using a Linksys router, any fixed LAN IP address must be outside the DHCP server range (typically 192.168.1.100 thru 192.168.1.149), and it cannot end in 0, 1, or 255.
    Therefore any fixed LAN IP address would normally need to be in the range of
    192.168.1.2 thru 192.168.1.99 or
    192.168.1.150 thru 192.168.1.254
    assuming you are still using the default DHCP server range.
    Also, in the computer, when you set up a static LAN IP address, you would need to set the "Subnet mask" to 255.255.255.0 and the "Default Gateway" to 192.168.1.1 and "DNS server" to 192.168.1.1
    It is also important that no two devices on your network be set to the same static LAN IP address.

  • How to look up a wireless client via MAC address

    One of my AirPort Expresses shows a wireless client whose MAC address I don't recognize. Is there some utility that will show me info (manufacturer, etc) of a wireless MAC address?
    Also, under what conditions would one choose to set up the Wireless Mode of an AirPort Express (Extreme) to "Extend a wireless network" and when would you choose "Participate in a WDS network"? The help files don't explain this stuff very well.

    If the "g" Express is set to "join", it does not extend the wireless signal, it receives the wireless signal as if it were a computer. The idea behind "join" was to provide a means for users to stream AirTunes to a remote location with an amplifier and speakers.
    If you are not using it to stream AirTunes, there's really no reason to have it powered on. As you have probably discovered, the ethernet port on the "g" Express is not active.
    You'll need to recheck some settings on your main base station, the Extreme to make sure that it is setup correctly. Open AirPort Utility, click Manual Setup and click the Wireless tab below the icons. Just make sure that there is a check mark next to "Allow this network to be extended". Update to save any changes.
    The "n" Express should be configured using AirPort Utility, Manual Setup, Wireless tab. Check that your Wireless Mode is "extend a wireless network" and make sure there is a check mark next to "allow wireless clients".
    As you have discovered, the ethernet port is also active on the "n" Express when you have it set to "extend" and it will also stream AirTunes. Great features on the "n" Express.
    You might think about adding another "n" Express to extend to another area.
    Ethernet is always the best choice for speed and stability if you are able to hide the wire through the house. If it's not feasible to run an ethernet cable, take a look at ethernet powerline adapters.
    You would use a pair, one device at the Extreme end and one at the other end where you want the signal to go. These devices use the home wiring to transport an ethernet signal and they work very well. Not quite as good as straight ethernet, but close and far better than wireless overall.
    I bought a pair from DirecTV to setup the On Demand service because I didn't want to crawl through a hot attic to run an ethernet cable from my office router to the DVR. Much faster than wireless...and I previously had a very good wireless connection between my Time Capsule and the Express I was using to extend.
    Hope you get things figured out soon.

  • Connecting via MAC address?

    Guys,
    For some strange reason, one of our suppliers needs to install a device (Nortel Meridian media card) which cannot have an IP address configured on it.
    The supplier engineer swears blind that on other sites, he can connect to this device just by using MAC address.
    Is there a way to communicate with this device just using destination MAC address? I have scoured the internet with no luck so far.
    We have Catalyst 4507Rs with 12.2.20 IOS.
    Any help greatly appreciated.

    Hi,
    If it cannot be configured with an IP address, what network layer protocol does it use, if any? You can certainly communicate with it, assuming that the application being used to communicate with this device uses the same upper layer protocols. As long as the ethernet headers are compliant, the switches will forward them based on what is in the mac-address-table.
    HTH,
    Bobby
    *Please rate helpful posts.

  • Mac Address Filtering Issue with DI-624 router and HP D110 Wireless Printer

    Just got the D110 Wireless Printer and cannot connect to the wireless router. 
    I have a D-Link DI-624 Air Plus Xtreme G 2.4GHz Wireless Router.
    The error message that I'm recieving from the printer is that "Mac address filtering may be enabled on your wireless router. This  can prevent your HP printer from connecting to your wireless network during setup....etc."
    The D-Link is setup using WPA-PSK security. If I turn off all security than the wireless printer is able to connect. With WPA-PSK or even WEP enabled I cannot connect the printer to the wireless router. There is no connection to hardwire the printer and the router.
    I've logged on to the router's admin and have confirmed several times that Mac filtering is turned off by going to Advanced > Filters > Mac Filters > and choosing Disabled Mac Filters. Where else is this setting? Why is the printer not able to connect?
    Further, I check the logs on the router and it shows "Wireless PC Connected" and "Authentication Success" with a note that has the Mac Hardware Address matching the printer's mac hardware address on the Wireless Network Test Report. It would appear that the router is letting the Print in but that the printer is not able to communicate for some reason. It even shows under status > wireless that the printer is connected.
    When i spoke to HP, they said to contact the router company and that they could not help. When I called D-Link they said tech support is no longer available for the model. I'm stuck, can anybody help?
    This question was solved.
    View Solution.

    Windows XP, tried both the front of the printer as well as connecting via USB and using the software.
    After a few hours on the phone with both D-Link and HP, the issue has been resolved.
    Apparently eventhough Mac Filtering was disabled (set to Disabled MAC Filters), the Mac address had to be entered into the router to allow it while keeping the setting to Disabled Mac Filters. To me it appeared counter intuitive to enter the Mac address while it's set to Disabled Mac Filters so I did not try that before getting on the phone with HP. Further on this, the problem did not go away right after adding the mac address but rather after restarting the router as the mac address addition did not take effect without a reboot of the device. 
    HP was much more helpful than D-Link on this one though it would be nice for HP to add to their instructions and Wireless Network Test Report to add the Mac address just in case. I would have tried that step if it was stated that it's okay to add the mac address and keep mac filters disabled.

  • ACS v4.1 PEAP and MAC Address Validation

    I would like to authenticate to a ACS server via both 802.1x (PEAP) and to also validate the MAC Address of the user. Can both of these be done? I have 802.1x (PEAP) working to the ACS and Active Directory but now I would like to add the MAC Address of the laptops. Can I use Network Access Profiles and add the MAC-address under MAC-Authentication bypass?
    Your assistance is appreciated.

    I seem to have figured my way out of this. The reason for the short dot1x timer is that we are using MAB to authenticate the client MAC, so we actually WANT the dot1x authentication to timeout as quickly as possible for the secondary (MAB) authentication to execute.
    I'm also suffering from the age-old problem of interpreting the logic of a config originally implemented by someone else. I'm wondering if all the dot1x commands we have are actually necessary in our situation.
    What I have found when comparing new switches to old is that on the 3750s, show authentication sessions for an interface only shows mab as a runnable method, while on the 3850s it lists dot1x, mab and webauth (in that order). Using authentication order mab and authentication priority mab on an interface of the 3850 seems to do the trick. With debug mab turned on you can see the mab authentication working and the switch then allows the interface to pass traffic. Just as importantly, it blocks the port if I try using a client whose MAC is not in the ACS database.
    Appreciate your help.

  • WRT160N PS3 MAC Address Filtering

    Does anybody know how to set up the MAC address filtering for a PS3, or if the PS3 even recognizes it?  I find the MAC address for the PS3, enter it into the MAC address allow column and try to connect.  Doesn't work.  Take the MAC Address filter off and bingo back to working.  I am using WPA at the moment, and that is it.  Any suggestions or advice would be much appreciated!  Thanks.
    Solved!
    Go to Solution.

    Once you remove the Mac address...it is working fine...that means the Mac address you are using is probably not correct Mac address.Each and every device has its own Mac address...
    Follow the steps to get the wireless card Mac address for your PS3
    . Power up the PlayStation 3 without any disc in the drive.
    2. Once the PlayStation 3 operating system has loaded, select "Settings."
    3. Once you are in "Settings" select "Network Settings."
    4. When the "Network Settings" list appears, select the first option which is titled "Settings and Connection Status List."
    5. The physical address of the wireless card will be listed under "MAC Address." Write this number down...(this is Mac address).
    Now login into the setup page of your router and try this Mac address. 

  • WLC+LAP+ACS4.0 achieving 802.1x PEAP and MAC address authentication ?

    How to configure WLC + LAP + ACS4.0, achieving username and password authentication and MAC address at the same time

    This might help with the PEAP:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00807917aa.shtml
    MAC Authentication
    Add a MAC Address to ACS
    Complete these steps:
    1. From the ACS main menu, click on the User Setup button.
    2. In the User text box, enter the MAC address to add to the user database.
    Note: The MAC address must be exactly as it is sent by the AP for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is being reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.
    3. On the User Setup screen, enter the MAC address in the Secure-PAP password text box.
    Note: The MAC address must be exactly as it is sent by the AP for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is being reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.
    4. Check the Separate (CHAP/MS-CHAP) box.
    5. Enter a password for CHAP/MS-CHAP (this password should be different from the MAC address).
    6. Click Submit.

  • Rebooting fabric interconnect and mac addresses

    I rebooted the subordinate and noticed that I lose only one ping on a vm and saw that mac address show up in the primary. 
    After the subordinate came back online, I did a show mac address table on the subordinate and noticed that a bunch of mac addresses showed back on the subordinate. 
    how does ucs know what mac address to use for the subordinate  or primary when the subordinate comes back online?
    the vm that i was pinging was initially on subordinate but after the reboot, it was on the primary.
    but other mac addresses are already showing on the subordinate right after the reboot

    Register to Ciscolive365 and download BRKCOM-3003 , which has answers to all your questions.

Maybe you are looking for