06-25-2007 11:00 AM - edited 03-05-2019 04:57 PM
I am trying to setup a mac address filter to prevent specific machines from accessing an ssid that I have setup for guest access. The config basics on my switch-
****************
mac access-list extended LocalDevices
permit host xxxx.xxxx.xxxx any
permit host yyyy.yyyy.yyyy any
!
vlan access-map NoAccess 10
action drop
match mac address LocalDevices
vlan access-map NoAccess 20
action forward
vlan filter NoAccess vlan-list 305
****************
If I then connect the network with a machine that is included in that list (xxxx.xxxx.xxxx for example), I should not be able to pass traffic through that vlan correct? Maybe I am mis-interpreting what this rule is supposed to do, or I didn't set it up correctly.
Dave
06-26-2007 10:51 PM
It looks missconfiguration opposited to.
I would configure as following.
mac access-list extended LocalDevices
permit host xxxx.xxxx.xxxx any
permit host yyyy.yyyy.yyyy any
!
vlan access-map NoAccess 10
match mac address LocalDevices
action forward
vlan filter NoAccess vlan-list 305
applied vlan will be under vlan305 and only get permittion for xxxx.xxxx.xxxx, yyyy.yyyy.yyyy. as for any mac apperently will be dropped.
is it clear ?
06-27-2007 03:28 AM
The goal is to drop all traffic from the addresses in the 'LocalDevices' acl, then allow everyone else. Is this not possible?
Dave
06-27-2007 05:11 PM
If your goal is that, your configuration is correct 100% sure.
MAC xxxx.xxxx.xxxx ,of course, can not pass through by your configuration.
source xxxx.xxxx.xxxx : deny
source yyyy.yyyy.yyyy : deny
any MAC : permit
For my config
source xxxx.xxxx.xxxx : permit
source yyyy.yyyy.yyyy : permit
any MAC : deny
06-28-2007 02:02 AM
Ok, that is what I thought that it should work and those included addresses should not be allowed to pass. So....then why are they not dropped?
I have tested this with a couple different mac addresses that are included in the list, and on the specified vlan they are allowed to pass traffic. Hmmm.....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide