09-21-2008 10:46 PM - edited 03-06-2019 01:30 AM
Hi all I am having A C4500 distribution layer switch connected to 5 access layer switches i want to block a user connecting to the lan on the basis of MAC ADDRESS
i wrote an VLAN ACCESS LIST to match the mac address of the user using mac access list and then mapping the vlan access list to all the vlans
I thought it would solve the problem but i am not able to do the required
Am i Wrong ? If u want i can send you the configuration please help me in this regard
09-21-2008 11:51 PM
Please provide the following information:
1) Which vlan is the user you want to block.
2) What subnets do you want to block for that user
3) Post the MAC based ACL that you created.
4) Post the output of 'show vlan filter'
09-22-2008 04:57 AM
under enable mode i sometimes use mac-address-table static xxxx.xxxx.xxxx vlan x deny. This will block the MAC from accessing the network. No need for an ACL.
09-24-2008 12:51 AM
i tested it sucessfully on my 6500 with this syntax:
mac-address-table static 0004.231c.d91f vlan 111 drop
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: