Re: Access-Control

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Fri, 16 Sep 2011 10:40:21 +0100

Olu,

Is an 802.1x solution taking it too far? That is the best form of access
control based on users' identity. You can simply use MAB (MAC Authentication
Bypass) to enforce access policy control.

Of course, that's no "feature" but rather a whole "solution" that might
involve additional components in your network, i.e. ACS and probably new
code on your access switches. Not to mention the potential MAC address DB
you will need to put together (of all devices you would like to regard as
"assets").

Excellent White Paper written here:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/config_guide_c17-663759.html

Hope that helps!

Sadiq

On Fri, Sep 16, 2011 at 8:48 AM, Eugene Filatov <efilatov_at_gmail.com> wrote:

> Hi,
>
> Why not assign them static addresses (based on MAC) on DHCP and then
> filter their traffic according to your requirements?
>
> Eugene.
>
> On 16 September 2011 07:35, OLUSEGUN DADA <engrenny_at_hotmail.com> wrote:
>
> > Good morning Experts.... Please, I have been thinking of how to control
> > some users from accessing the internet, but they still need to access
> > applications in other subnet within the company network. The problem I
> > have here is that all hosts will be getting their IP address through
> > DHCP. Kindly help me out on how to block these hosts using the router or
> > a multilayer switch.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> Regards,
> Eugene.

-- 
CCIEx2 (R&S|Sec) #19963
Received on Fri Sep 16 2011 - 10:40:21 ART
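
Added example, not part of the original thread: one way to implement the DHCP reservation plus filtering suggestion quoted above on a Cisco IOS multilayer switch. The addresses, MAC, VLAN number and the pool and ACL names are constructed placeholders, and it assumes every internal subnet falls inside 10.0.0.0/8.

```cisco
! Constructed example: all addresses, the MAC and the names are placeholders.
!
! 1. Pin the restricted host to a fixed address.
!    client-identifier is "01" (Ethernet) followed by the MAC 0011.2233.4455.
ip dhcp pool RESTRICTED-PC1
 host 10.10.20.50 255.255.255.0
 client-identifier 0100.1122.3344.55
 default-router 10.10.20.1
 dns-server 10.10.1.10
!
! 2. Allow the pinned address to reach internal subnets only.
ip access-list extended NO-INTERNET
 remark restricted host may reach internal applications
 permit ip host 10.10.20.50 10.0.0.0 0.255.255.255
 remark restricted host may not reach anything else
 deny   ip host 10.10.20.50 any
 remark all other hosts in the VLAN are unaffected
 permit ip any any
!
! 3. Apply the filter inbound on the user VLAN's gateway interface.
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 ip access-group NO-INTERNET in
```

This filter keys on the source IP address only, so a host that is given a different static address or presents a different MAC falls through to the final permit. That is the gap the identity-based 802.1x/MAB approach in the reply above is meant to close.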

This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 07:26:25 ART