Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3289
Views
0
Helpful
2
Replies

Mac address filtering by vlan

dbakula01
Level 1
Level 1

‎06-28-2007 03:30 AM - edited ‎03-05-2019 05:00 PM

i am looking for the commands i would need to set up MAC address filtering on our 3560 switches. I want to set up specific mac addresses in certain vlans that will dynamically change by which port they plug into and put them in the correct vlan. any help would be fine

Labels:
0 Helpful
2 Replies 2

guruprasadr
Level 7
Level 7

‎06-28-2007 05:34 AM

Hi, [PLS Rate if Helps]

In order to configure MAC address filtering and apply it to the VLAN interface:

1. In global configuration mode, create a named MAC extended access list with the name ARP_Packet.

Issue the mac access-list extended ACL_name command and add the host MAC address or addresses that you want to block.

Switch(config)#mac access-list extended ARP_Packet

Switch(config-ext-nacl)#permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0

Switch(config-ext-nacl)#end

Switch(config)#

2. Issue the vlan access-map map_ name command and the action drop command, which is the action to perform.

The vlan access-map map_ name command uses the MAC access list that you created to block ARP traffic from the hosts.

Switch(config)#vlan access-map block_arp 10

Switch (config-access-map)#action drop

Switch (config-access-map)#match mac address ARP_Packet

3. Add an additional line to the same VLAN access map in order to forward the rest of the traffic.

Switch(config)#vlan access-map block_arp 20

Switch (config-access-map)#action forward

4. Choose a VLAN access map and apply it to a VLAN interface.

Issue the VLAN filter vlan_access_map_name vlan-list vlan_number command.

Switch(config)#vlan filter block_arp vlan-list 2

This applies the MAC ACL name to VLAN 2.

5. show commands

switch#show mac-address-table dynamic vlan 2

You can Modify the above Syntax & command structures as per your Network Requirement. Hope this Helps you ! !

PLS RATE / VOTE if HELPS ! !

Best Regards,

Guru Prasad R

0 Helpful

dbakula01
Level 1
Level 1

‎06-28-2007 10:49 AM

i believe what it is called are dynamic vlans that switch ports dependant on what port a certain mac is plugged into. My only question is if i need a ACS for this? any help would be appreciated

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card