08-18-2007 04:06 AM - edited 03-05-2019 05:58 PM
Hi, I am trying to configure a mac access-list on a cisco 2950 switch running version 12.1(22)EA10a. I have no problem configuring the actual mac access-list itself but when i come to apply it interface fa0/1 for example the 'mac access-group' command is not visible. I have the interface setup as a switchport to access vlan 1. Can anyone advise what im missing here?
Thanks in advance.
08-19-2007 04:36 PM
Hi, untill now i've never seen an access-list created the way u want to do it. But who am i, i haven't much experince yet.
But i think maby you mean the "switchport port-security" command. With this command [and subcommands] u can secure a switchport.
for example:
SW2(config)#int fast 0/5
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security ?
aging Port-security aging commands
mac-address Secure mac address
maximum Max secure addresses
violation Security violation mode
SW2(config-if)#switchport port-security maximum 2
SW2(config-if)#switchport port-security violation protect
this was just 1 example, hope it could help.
bye flash...
08-20-2007 06:48 AM
Hi Flash, thanks for your reply. I am aware that you can use port security to secure a mac address against a port, however this feature does not allow you to configure the same mac address on multiple ports. This is why I was looking into using a 'mac access-list' to control access. As previously stated I have no problem actually configuring the mac-access list, the issue is that when I try to apply it to the interface the 'mac access-group' command is not present.
07-23-2008 11:45 AM
I am running into this issue, as well. Have you found a resolution?
Thanks,
Ed
07-23-2008 10:26 PM
Hi Ed, in the end I gave up and went with 802.1x port based authentication instead which requires the user to enter a username and password to enable the LAN port, the downside to this though is that you require a radius server to do the authentication.
07-29-2008 08:49 AM
You don't apply it to the interface; you should apply it to the vlan interface -2950 is a layer 2 switch.
Please let me know if this helps. Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: