Unanswered Question
Sep 21st, 2008

Hi all, I have a C4500 distribution layer switch connected to 5 access layer switches. I want to block a user connecting to the LAN on the basis of MAC address.

I wrote a VLAN access list to match the MAC address of the user using a MAC access list, and then mapped the VLAN access list to all the VLANs.

I thought it would solve the problem, but I am not able to do the required.

Am I wrong? If you want, I can send you the configuration. Please help me in this regard.

Tarun Lohumi Sun, 09/21/2008 - 23:51

Please provide the following information:

1) Which VLAN is the user you want to block?

2) What subnets do you want to block for that user?

3) Post the MAC based ACL that you created.

4) Post the output of 'show vlan filter'

cowetacoit Mon, 09/22/2008 - 04:57

Under enable mode I sometimes use mac-address-table static xxxx.xxxx.xxxx vlan x deny. This will block the MAC from accessing the network. No need for an ACL.

ohassairi Wed, 09/24/2008 - 00:51

I tested it successfully on my 6500 with this syntax:

mac-address-table static 0004.231c.d91f vlan 111 drop
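
The static drop entry above names a single VLAN, while the original question asks about blocking the MAC on all VLANs. The following is an added example, not part of the thread: a small Python generator that normalizes a MAC address to Cisco dotted notation and emits one drop entry per VLAN in the syntax shown above. The function names and the sample VLAN list are assumptions for illustration.

```python
import re

def cisco_mac(mac: str) -> str:
    """Normalize a MAC in any common notation to Cisco dotted form (xxxx.xxxx.xxxx)."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Low bit of the first octet set means a group (multicast/broadcast) address.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group/broadcast address, not a host MAC: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def expand_vlans(spec: str) -> list[int]:
    """Expand a spec such as '10,20-22' into sorted unique VLAN IDs (1-4094)."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)

def drop_entries(mac: str, vlan_spec: str) -> list[str]:
    """Build one static drop entry per VLAN, in the syntax shown in the thread."""
    m = cisco_mac(mac)
    return [f"mac-address-table static {m} vlan {v} drop"
            for v in expand_vlans(vlan_spec)]

if __name__ == "__main__":
    # Constructed sample: the MAC from the thread in colon notation,
    # with an assumed VLAN list.
    for line in drop_entries("00:04:23:1C:D9:1F", "110-112,200"):
        print(line)
```

Review the generated lines before pasting them into global configuration mode on the switch.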

