02-28-2009 09:24 AM - edited 03-04-2019 03:45 AM
hii,
we are using 3845 router in our WAN network.and each router (LAN) interface we are creat 3 to 4 subinterface. i want to block one of the Mac-address in the router,how it could be done ? through Mac-access-list i am creat Mac access ist but in LAN interface there is no command to allow mac access list??..how it's possible??
02-28-2009 10:37 AM
Please explain what problem are you trying to solve, mac ACL are for bridging only.
02-28-2009 09:42 PM
hii ,
just i want to deny Mac id in my router (3845) how it's possible???
02-28-2009 10:45 AM
In order to do this you will have to enable bridging on the interface to apply the access-list on. See the example below:
Example:
access-list 700 permit <48-bit hardware SOURCE address> <48-bit hardware
DESTINATION address>
access-list 700 deny
access-list 700 permit 0.0.0 0.0.0 <--- Permit all
!
interface Ethernet0
ip access-group 700 in <--- applied inbound
Here is a sample config of what you need in the router in order to filter a mac address.
NOTE: In order to use MAC access-lists in a router you need to configure bridging. In this
case is IRB.
config t
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
int e0 (or the interface you need)
no ip address
bridge-group 1
bridge-group 1 {input-address-list 700 | output-address-list 700} exit
int bvi1
ip address
exit
access-list 700 deny
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
Depending on what else you're doing on the interface, this may or may not be a valid solution.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: