[afnog] Bind IP address to MAC Address

etessua at uccmail.co.tz etessua at uccmail.co.tz
Thu Jul 1 12:13:29 UTC 2010


Dear all,
Thanks a lot for your responses. I came to realize two things: the MAC I got
from show ip dhcp binding is different from the one I got from sh arp. So
I got the right MAC and I'm on it.

> On Wed, 30 Jun 2010 19:09:53 +0300 (EAT) etessua at uccmail.co.tz wrote:
>> I have another problem: Cisco seems to deny
>> this kind of MAC 0100.24b2.0d3d.43. I'm using a Cisco Cat 2950 switch and
>> the NAT itself is a Cisco 2600 as stated earlier. What can I do? Because
>> that is the MAC address of the machine causing trouble.
>
> This is weird, as an ethernet MAC address is 6 bytes long and
> yours is 7 bytes. I'm not a 2950 expert so I don't know if
> the 7th byte is added at the beginning or at the end, and why.
> Perhaps you should check some of the other MAC addresses
> to see what the format is.
>
> If the first byte of the MAC address is odd (0100.0000.0000)
> then that is a multicast address which would explain why Cisco
> put restrictions on blocking, etc.
>
> My take would be:
> - NOT to block on IP level, because a malicious user will just pick
>   another IP address
> - NOT to block on MAC address (though it is a way), because MAC addresses
>   can be changed (though it generally takes a little more skill)
> - Use the mac forwarding table of the switch to find out on which port
>   the MAC address is used (perhaps Cisco doesn't allow this on
>   a non-unicast address, do check),
>   then investigate what's connected to that port. If it's another switch,
>   repeat procedure until you find the host.
>
> Hope this helps,
>
> Geert Jan
>
>
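An added example, not part of the original thread: a small Python normalizer for the two address forms discussed above. It assumes the 7-byte value from the DHCP binding table is a DHCP client identifier (option 61), whose leading byte 01 is the Ethernet hardware type followed by the 6-byte MAC; the function names are this example's own.

```python
import re

def parse_hex_bytes(text):
    """Turn a dotted, colon or dash separated hex string into raw bytes."""
    digits = re.sub(r"[.:\-\s]", "", text)
    if not digits or len(digits) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", digits):
        raise ValueError(f"not a hex byte string: {text!r}")
    return bytes.fromhex(digits)

def is_group_address(mac):
    """I/G bit check: an odd first byte means multicast or broadcast."""
    return bool(mac[0] & 0x01)

def cisco_dotted(mac):
    """Format 6 bytes the way the switch MAC table prints them."""
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def normalize(value):
    """Return the kind of identifier, the 6-byte MAC and its group flag."""
    raw = parse_hex_bytes(value)
    if len(raw) == 6:
        kind, mac = "mac", raw
    elif len(raw) == 7 and raw[0] == 0x01:
        # Assumption: option 61 client identifier, hardware type 1 (Ethernet).
        kind, mac = "dhcp-client-id", raw[1:]
    else:
        raise ValueError(f"unsupported identifier ({len(raw)} bytes): {value!r}")
    return {"kind": kind, "mac": cisco_dotted(mac), "group": is_group_address(mac)}

if __name__ == "__main__":
    # The value quoted in the thread, then a constructed multicast sample.
    for sample in ("0100.24b2.0d3d.43", "01:00:5e:00:00:01"):
        print(sample, "->", normalize(sample))
```

Read as a plain MAC, the 7-byte string starts with an odd byte and looks like a group address; after the type byte is removed, the remaining 6 bytes form a unicast address that can be searched for in the switch's MAC forwarding table.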