Configuring a MAC access-list on 2950 switch

Unanswered Question
Aug 18th, 2007

Hi, I am trying to configure a MAC access-list on a Cisco 2950 switch running version 12.1(22)EA10a. I have no problem configuring the actual MAC access-list itself, but when I come to apply it to interface fa0/1, for example, the 'mac access-group' command is not visible. I have the interface set up as a switchport to access VLAN 1. Can anyone advise what I'm missing here?

Thanks in advance.

flashsplash Sun, 08/19/2007 - 16:36

Hi, until now I've never seen an access-list created the way you want to do it. But who am I, I haven't much experience yet.

But I think maybe you mean the "switchport port-security" command. With this command [and subcommands] you can secure a switchport.

For example:

    SW2(config)#int fast 0/5
    SW2(config-if)#switchport mode access
    SW2(config-if)#switchport port-security
    SW2(config-if)#switchport port-security ?
      aging        Port-security aging commands
      mac-address  Secure mac address
      maximum      Max secure addresses
      violation    Security violation mode
    SW2(config-if)#switchport port-security maximum 2
    SW2(config-if)#switchport port-security violation protect

This was just 1 example, hope it could help.

bye flash...

CSCO10576352 Mon, 08/20/2007 - 06:48

Hi Flash, thanks for your reply. I am aware that you can use port security to secure a MAC address against a port; however, this feature does not allow you to configure the same MAC address on multiple ports. This is why I was looking into using a 'mac access-list' to control access. As previously stated, I have no problem actually configuring the MAC access-list; the issue is that when I try to apply it to the interface the 'mac access-group' command is not present.

mrguitar Wed, 07/23/2008 - 11:45

I am running into this issue, as well. Have you found a resolution?

Thanks,

Ed

CSCO10576352 Wed, 07/23/2008 - 22:26

Hi Ed, in the end I gave up and went with 802.1x port-based authentication instead, which requires the user to enter a username and password to enable the LAN port. The downside to this, though, is that you require a RADIUS server to do the authentication.

jeanaguemon Tue, 07/29/2008 - 08:49

You don't apply it to the interface; you should apply it to the VLAN interface - 2950 is a layer 2 switch.

Please let me know if this helps. Thanks.
