Question : How to block PIX 501 access by MAC address?

Topic says it all.  How would I be able to configure a PIX 501 to allow only pre-approved devices to connect?  Can I do this by MAC/hardware addresses?  Basically, I don't want just anyone plugging into the 501 for a free ride...

Answer : How to block PIX 501 access by MAC address?

not sue what you mean in your comment above. i tested it and it works for me. give a valid mac address in  the mac list command. not a bogus one. use aaa-server local and user username command to set a username and password. dont copy my username command since the password is encrypted.
just type username user password password
now connect from the machine that is permitted.
it should be allowed through without authentication
now connect from any other machine
this should be prompted for username and password

if you dont give the username and password, he will not be able to go through

you said that you supplied a bogus mac address... so the bogus mac address would be allowed. you said you connected from the machine with was not in the permit list.. so it got prompted for username and password. this is correct behavior. you want to allow users by mac address. just put in the allowed users in the mac-list. they will not require username and password. all other users will require it.. if you choose a strong username and password, they will not know it and wont get through.


Random Solutions  
 
programming4us programming4us