Deny client access based on MAC address

amvita
Level 1

I need to be able to deny a client machine access to the network based on the MAC address of the NIC.

How is this accomplished on a 3750G running 12.2.50 IOS?

Accepted Solution

Hi,

Please check this link,

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swacl.html#wp1289037

Another simple way,

Switch(config)#mac address-table static 000f.1f43.e62a vlan 8 drop

Below is the explanation of the command:

mac address-table static drop

Use the mac address-table static drop global configuration command on the switch stack or on a standalone switch to enable unicast MAC address filtering and to configure the switch to drop traffic with a specific source or destination MAC address. Use the no form of this command to return to the default setting.

mac address-table static mac-addr vlan vlan-id drop

no mac address-table static mac-addr vlan vlan-id

Regards,

~JG

Do rate helpful posts
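
Added example, not part of the original post or of Cisco's documentation: a small helper that takes MAC addresses as they are usually copied from a host (hyphen, colon, dotted or bare hex), converts them to the dotted form the switch expects, and emits the drop command from the answer above together with its "no" rollback line. The function names and the sample list are assumptions made for this illustration; because the command is described as unicast MAC filtering, group (multicast/broadcast) addresses are rejected.

```python
import re


def to_cisco_mac(raw):
    """Normalise a 48-bit MAC (aa:bb.., aa-bb.., aabb.ccdd.eeff, bare hex) to dotted form."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    # Lowest bit of the first octet set means a group (multicast/broadcast)
    # address; the command quoted above is for unicast filtering.
    if int(digits[:2], 16) & 0x01:
        raise ValueError(f"not a unicast MAC address: {raw!r}")
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


def quarantine_commands(entries):
    """entries: iterable of (mac, vlan). Returns (block, rollback) command lists.

    The static drop entry is per VLAN, so each VLAN the host may appear in
    needs its own line. Duplicate (mac, vlan) pairs are emitted once.
    """
    block, rollback, seen = [], [], set()
    for raw_mac, vlan in entries:
        mac = to_cisco_mac(raw_mac)
        vlan = int(vlan)
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN id out of range: {vlan}")
        if (mac, vlan) in seen:
            continue
        seen.add((mac, vlan))
        block.append(f"mac address-table static {mac} vlan {vlan} drop")
        rollback.append(f"no mac address-table static {mac} vlan {vlan}")
    return block, rollback


if __name__ == "__main__":
    # Constructed sample input: the MAC from the answer above in two host
    # formats, plus a second VLAN (20) chosen only for illustration.
    sample = [("00-0F-1F-43-E6-2A", 8), ("00:0f:1f:43:e6:2a", 8),
              ("000f.1f43.e62a", 20)]
    block, rollback = quarantine_commands(sample)
    print("! apply in global configuration mode")
    print("\n".join(block))
    print("! rollback once the machine is cleaned")
    print("\n".join(rollback))
```

Keeping the rollback lines with the incident record makes it easy to lift the block once the machine has been cleaned.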

5 Replies

Giuseppe Larosa
Hall of Fame

Hello Anthony,

Verify if the device supports MAC address ACLs:

700-799 48-bit MAC address access list

Try to create an ACL like

access-list 700 deny NIC-mac 0000.0000.0000

access-list 700 permit 0000.0000.0000 ffff.ffff.ffff

Hope to help

Giuseppe

Yes, the 3750 switch supports that ACL type. Then what do I do?

Jagdeep Gambhir
Level 10

Hi,

You can set dot1x authentication, as that will give you complete control over users trying to connect.

You can do machine and user authentication.

Or

You can set up the port security feature, which will only allow a specific MAC to connect.

Regards,

~JG

Do rate helpful posts

I'm trying to deny a client based on the mac-address because the machine has a virus and needs to be cleaned.

In the CatOS, there was a command "set cam static filter HHHH.HHHH.HHHH" which would deny that MAC address access to the switch. I'm looking for something as simple in the IOS sw running on the 3750G.
