mheusing Tue, 12/11/2007 - 07:24
User Badges:
  • Cisco Employee,


You can use a qos policy to achieve this on a router:

class-map match-any NoAccess

match source-address mac 0011.2233.4455

match source-address mac 0123.4567.89AB

policy-map DropBadPC

class NoAccess


interface FastEthernet0/0

service-policy input DropBadPC

In case the switch allows for it, you could also setup a MAC access-list on a switch to block unwanted traffic. You also could setup private VLANs on the switch, which would allow you to define which ports can communicate with which other ports finally blocking router access for some PCs.

Hope this helps! Please rate all posts.

Regards, Martin


This Discussion