Layer 2 - Access Lists

Answered Question
Sep 29th, 2008

Hi everyone.


I'm trying to find out how I can configure a "MAC Access-list" to allow only HP Devices through a switch port.


I have never used this feature before and cannot seem to find any examples of how to do it.


Can anyone help?



Overall Rating: 5 (1 ratings)
thestagman Mon, 09/29/2008 - 00:36

Sorry, this is being done on Cisco 2960 & 3750 switches.


cheers


thestagman Mon, 09/29/2008 - 01:04

Hi Andrew


Thanks for the reply. But I need to allow any HP device only and block the rest.


mac access-list ext filtermac

permit host 001b.38xx.xxxx any


Something like above. I'm unsure of the syntax or if it can be done?

Correct Answer

To be honest I have never tried to block only part of a MAC address, but I suppose it's possible.


I would try something like:-


mac access-list ext filtermac

permit host 001b.38FF.FFFF any


As the f = broadcast = does not matter, try it out on a non-production switch port with a test HP NIC on it?


HTH

thestagman Mon, 09/29/2008 - 02:27

Hi


I have just tried that with no luck using a Dell Laptop. I have also tried it with zeroes as well with no luck.


mac access-list extended DELLONLY

permit host 0015.c5ff.ffff any


thestagman Mon, 09/29/2008 - 02:28

If I specify the full MAC address it works no problem. But I need to find a way to only allow HP laptops, which will mean wildcarding out a portion of the MAC address.

thestagman Mon, 09/29/2008 - 04:19

Hello Andrew


For some strange reason, it has decided to work. But I do not know why ... I just started a constant ping and up it came ...


However, it has caused another issue and that is from time to time the pings fail for about 30 packets and then resume ...



thestagman Mon, 09/29/2008 - 04:27

I only have a single switch for this testing. Spanning Tree is set to rapid, portfast is enabled and the laptop I'm using only has one connection.


The loss of packets has not occurred for some time now ...
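An added example, not part of the original thread or of Cisco's code: a small Python model of how the source field of a `mac access-list extended` entry is matched, comparing the `host` form tried above with the `address wildcard-mask` form that IOS also accepts (mask bits set to 1 are ignored). The function names and the two sample NIC addresses are constructed for illustration.

```python
import re

ALL_BITS = 0xFFFFFFFFFFFF  # 48-bit MAC address space


def parse_mac(text):
    """Parse Cisco dotted (001b.3800.0000) or colon/dash notation into a 48-bit int."""
    digits = re.sub(r"[.:\-]", "", text)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def parse_source(tokens):
    """Return (address, wildcard mask) for the source part of an entry.

    any     -> every bit ignored
    host A  -> no bit ignored, so only A itself matches
    A M     -> bits set to 1 in M are ignored
    """
    if tokens[0] == "any":
        return 0, ALL_BITS
    if tokens[0] == "host":
        return parse_mac(tokens[1]), 0
    return parse_mac(tokens[0]), parse_mac(tokens[1])


def source_matches(entry, frame_src):
    """True if frame_src matches the source field of a permit/deny entry."""
    tokens = entry.split()
    if tokens[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {entry!r}")
    addr, mask = parse_source(tokens[1:])
    care = ~mask & ALL_BITS  # bits that must be equal
    return (parse_mac(frame_src) & care) == (addr & care)


# Constructed sample source addresses (not taken from the thread).
HP_NIC = "001b.3812.3456"
OTHER_NIC = "0015.c5aa.bbcc"

HOST_FORM = "permit host 001b.38ff.ffff any"            # form tried in the thread
MASK_FORM = "permit 001b.3800.0000 0000.00ff.ffff any"  # OUI plus wildcard mask

if __name__ == "__main__":
    for entry in (HOST_FORM, MASK_FORM):
        for nic in (HP_NIC, OTHER_NIC):
            print(f"{entry!r:45} {nic} -> {source_matches(entry, nic)}")
```

On the Catalyst 2960 and 3750 a port MAC ACL filters non-IP frames only, so a ping is not a valid test of either entry. An OUI match also only checks the vendor prefix a NIC claims, so it is a hygiene control rather than device authentication.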


