mac address filtering

dsturgeon
Level 1

I am trying to set up a MAC address filter to prevent specific machines from accessing an SSID that I have set up for guest access. The config basics on my switch:

****************
mac access-list extended LocalDevices
 permit host xxxx.xxxx.xxxx any
 permit host yyyy.yyyy.yyyy any
!
vlan access-map NoAccess 10
 action drop
 match mac address LocalDevices
vlan access-map NoAccess 20
 action forward
vlan filter NoAccess vlan-list 305
****************

If I then connect to the network with a machine that is included in that list (xxxx.xxxx.xxxx for example), I should not be able to pass traffic through that VLAN, correct? Maybe I am misinterpreting what this rule is supposed to do, or I didn't set it up correctly.

Dave

4 Replies

criss_noh
Level 1

It looks like a misconfiguration, the opposite way round.

I would configure it as follows.

****************
mac access-list extended LocalDevices
 permit host xxxx.xxxx.xxxx any
 permit host yyyy.yyyy.yyyy any
!
vlan access-map NoAccess 10
 match mac address LocalDevices
 action forward
vlan filter NoAccess vlan-list 305
****************

The applied VLAN will be VLAN 305, and only xxxx.xxxx.xxxx and yyyy.yyyy.yyyy get permission. As for any MAC, it will apparently be dropped.

Is it clear?

The goal is to drop all traffic from the addresses in the 'LocalDevices' acl, then allow everyone else. Is this not possible?

Dave

If that is your goal, your configuration is correct, 100% sure.

MAC xxxx.xxxx.xxxx, of course, cannot pass through with your configuration.

source xxxx.xxxx.xxxx : deny
source yyyy.yyyy.yyyy : deny
any MAC : permit

For my config:

source xxxx.xxxx.xxxx : permit
source yyyy.yyyy.yyyy : permit
any MAC : deny

OK, that is what I thought: that it should work and those included addresses should not be allowed to pass. So... then why are they not dropped?

I have tested this with a couple different mac addresses that are included in the list, and on the specified vlan they are allowed to pass traffic. Hmmm.....
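
The two VLAN maps compared in the replies above, run through a small evaluation model (an added example, not part of the original thread and not Cisco code). It assumes the switch tests every frame in the VLAN against the MAC ACL, that an entry without a match clause matches everything, and that a map with a MAC match clause drops unmatched frames; the MAC addresses and the `parse`/`verdict` helpers are constructed for illustration.

```python
# Constructed MAC addresses stand in for the redacted xxxx/yyyy values.
ACL = """mac access-list extended LocalDevices
 permit host 0011.2233.4455 any
 permit host 0011.2233.4466 any
"""
DENY_LIST = ACL + """vlan access-map NoAccess 10
 action drop
 match mac address LocalDevices
vlan access-map NoAccess 20
 action forward
vlan filter NoAccess vlan-list 305
"""
ALLOW_LIST = ACL + """vlan access-map NoAccess 10
 match mac address LocalDevices
 action forward
vlan filter NoAccess vlan-list 305
"""

def parse(cfg):
    """Return (ACLs, map entries in sequence order, filtered VLAN ids)."""
    acls, entries, vlans, cur = {}, {}, set(), None
    for line in cfg.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["mac", "access-list", "extended"]:
            cur = acls.setdefault(w[3], set())
        elif w[:2] == ["vlan", "access-map"]:
            # An entry with no explicit action forwards.
            cur = entries.setdefault(int(w[3]), {"action": "forward", "acl": None})
        elif w[:2] == ["vlan", "filter"]:
            vlans.add(int(w[4]))          # model handles a single VLAN id
        elif w[:2] == ["permit", "host"]:
            cur.add(w[2].lower())         # source MAC the ACL matches
        elif w[0] == "action":
            cur["action"] = w[1]
        elif w[:3] == ["match", "mac", "address"]:
            cur["acl"] = w[3]
    return acls, [entries[k] for k in sorted(entries)], vlans

def verdict(cfg, src_mac, vlan):
    """What the modelled VLAN map does with a frame from src_mac in vlan."""
    acls, entries, vlans = parse(cfg)
    if vlan not in vlans:
        return "forward"                  # map is not applied to this VLAN
    for e in entries:                     # first matching entry wins
        if e["acl"] is None or src_mac.lower() in acls.get(e["acl"], ()):
            return e["action"]
    return "drop"                         # unmatched frame, implicit drop
```

If a listed MAC still passes traffic on the real switch where this model says "drop", the frame is not being matched by the ACL at all, which points at how the platform applies MAC ACLs rather than at the map logic.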
