mac address filtering doesn't work on c4506

Unanswered Question
Aug 13th, 2008

Hi guys,

i configured mac address filtering and ip filtering on cisco catalyst 4506 like the configuration below, the ip filtering works fine but not mac filtering feature.

could someone help me for that ?




Switch(config)# mac access-list extended mac-device-list

Switch(config-ext-macl)# permit host 0000.0101.0011 any

Switch(config-ext-macl)# permit host 0000.0101.0012 any

Switch(config)# ip access-list extended ip-device-list

Switch(config-ext-nacl)# permit ip host any

Switch(config-ext-nacl)# permit ip host any

Switch(config)# interface fa0/1

Switch(config-if)# ip access-group ip-device-list in

Switch(config-if)# mac access-group mac-device-list in

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Wed, 08/13/2008 - 09:29

Hello Mustapha,

is your interface fas0/1 currently configured as a routed port (no switchport + ip address)

In that case this behaviour can be explained.

Try the following

move L3 config to an SVI interface make fas0/1 an access link of the same l2 vlan

test again and tell if you see any change

Hope to help


tdanetsco Wed, 08/13/2008 - 09:40

Hi giuseppe,

the port is configured as switchport access mode.




This Discussion