[afnog] Bind IP address to MAC Address

Geert Jan de Groot GeertJan.deGroot at xs4all.nl
Wed Jun 30 13:55:42 UTC 2010


On Wed, 30 Jun 2010 19:09:53 +0300 (EAT) etessua at uccmail.co.tz wrote:
> I have another problem, cisco seems to deny
> this kind of MAC  0100.24b2.0d3d.43. I'm using cisco cat 2950 switch and
> the NAT itself is cisco 2600 as stated earlier. What can I do? Because
> that is the MAC address of the machine causing trouble.

This is weird, as an ethernet MAC address is 6 bytes long and
yours is 7 bytes. I'm not a 2950 expert so I don't know if
the 7th byte is added at the beginning or at the end, and why.
Perhaps you should check some of the other MAC addresses
to see what the format is.

If the first byte of the MAC address is odd (0100.0000.0000)
then that is a multicast address which would explain why Cisco
put restrictions on blocking, etc.

My take would be:
- NOT to block on IP level, because a malicious user will just pick
  another IP address
- NOT to block on MAC address (though it is a way), because MAC addresses
  can be changed (though it generally takes a little more skill)
- Use the mac forwarding table of the switch to find out on which port
  the MAC address is used (perhaps Cisco doesn't allow this on 
  a non-unicast address, do check),
  then investigate what's connected to that port. If it's another switch,
  repeat procedure until you find the host.

Hope this helps,

Geert Jan
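As an added illustration of the two checks the reply above describes (not code from the list post or its author): first, whether a MAC string really is 6 bytes and whether its first byte is odd, i.e. has the I/G bit set and is therefore multicast; second, looking a MAC address up in a switch's forwarding table to find the port it was learned on. The table text is a constructed sample in the layout of `show mac address-table` output; the address values in it are made up, and the lookup logic does not depend on any particular Cisco model.

```python
import re

_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def parse_mac(text: str) -> bytes:
    """Parse a MAC in Cisco dotted (aabb.ccdd.eeff), colon or hyphen form.

    Raises ValueError when the string is not hex or is not exactly 6 bytes,
    which is what happens with the 7-byte value quoted in the thread.
    """
    hexdigits = text.replace(".", "").replace(":", "").replace("-", "")
    if not _HEX_RE.match(hexdigits) or len(hexdigits) % 2:
        raise ValueError(f"not a hex MAC address: {text!r}")
    raw = bytes.fromhex(hexdigits)
    if len(raw) != 6:
        raise ValueError(f"MAC address must be 6 bytes, got {len(raw)}: {text!r}")
    return raw


def classify_mac(text: str) -> dict:
    """Return the address-type flags carried in the first byte of a MAC."""
    raw = parse_mac(text)
    first = raw[0]
    return {
        # I/G bit (least significant bit of the first byte): set means the
        # first byte is odd and the address is multicast, not a single host.
        "multicast": bool(first & 0x01),
        # U/L bit: set means locally administered (e.g. manually changed).
        "locally_administered": bool(first & 0x02),
        "broadcast": raw == b"\xff" * 6,
    }


# Constructed sample in the layout of a Catalyst "show mac address-table"
# listing; the addresses and ports are made up for this example.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Fa0/3
   1    0100.5e00.0001    STATIC      CPU
  10    00aa.bbcc.dd01    DYNAMIC     Fa0/24
"""


def find_port(table_text: str, mac: str):
    """Return the port on which `mac` was learned, or None if it is absent.

    Header and separator lines are skipped because they do not parse as a
    6-byte MAC in column two.
    """
    target = parse_mac(mac)
    for line in table_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            entry = parse_mac(parts[1])
        except ValueError:
            continue
        if entry == target:
            return parts[3]
    return None


if __name__ == "__main__":
    for addr in ("0011.2233.4455", "0100.5e00.0001", "0100.24b2.0d3d.43"):
        try:
            print(addr, classify_mac(addr), "port:", find_port(SAMPLE_MAC_TABLE, addr))
        except ValueError as exc:
            print(addr, "rejected:", exc)
```

If the lookup lands on a port that leads to another switch, the same lookup is repeated on that switch's table, exactly as the reply suggests; an address that `classify_mac` flags as multicast is not a host address at all, which is why a switch may refuse to filter on it.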
