Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
295
Views
0
Helpful
1
Replies

filtering mac and ip address to http

maher
Level 1
Level 1

‎04-02-2007 04:23 AM - edited ‎03-03-2019 04:23 PM

Hi,

What is the best method to filter traffic based on ip address and mac address on a router? I tried to used route-map, but seems that unfortunately, no command to match the mac address.

However, if I tried to used policy-map on LAN interfaces, only single policy could be apply .. what is the best method of filtering this?

Thanks in advance.

maher

Labels:
0 Helpful
1 Reply 1

beth-martin
Level 5
Level 5

‎04-06-2007 08:22 AM

In order to configure MAC address filtering and apply it to the VLAN interface, you must complete several steps. First, you create the VLAN access maps for each type of traffic that requires filtering. You select a MAC address or range of MAC addresses for blocking. You also need to identify the ARP traffic in the access list. According to RFC 826 , an ARP frame uses the Ethernet protocol type of value 0x806. You can filter on this protocol type as interesting traffic for the access list.

In global configuration mode, create a named MAC extended access list with the name ARP_Packet.

Issue the mac access-list extended ACL_name command and add the host MAC address or addresses that you want to block.

Switch(config)#mac access-list extended ARP_Packet

Switch(config-ext-nacl)#permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0

Switch(config-ext-nacl)#end

Switch(config)#Issue the vlan access-map map_ name command and the action drop command, which is the action to perform.

The vlan access-map map_ name command uses the MAC access list that you created to block ARP traffic from the hosts.

Switch(config)#vlan access-map block_arp 10

Switch (config-access-map)#action drop

Switch (config-access-map)#match mac address ARP_Packet

Add an additional line to the same VLAN access map in order to forward the rest of the traffic.

Switch(config)#vlan access-map block_arp 20

Switch (config-access-map)#action forward

Choose a VLAN access map and apply it to a VLAN interface.

Issue the VLAN filter vlan_access_map_name vlan-list vlan_number command.

Switch(config)#vlan filter block_arp vlan-list 2

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card