10-09-2009 12:43 PM - edited 03-06-2019 08:04 AM
I need to be able to deny a client machine access to the network based on the MAC address of the NIC.
How is this accomplished on a 3750G running 12.2.50 IOS?
10-09-2009 01:07 PM
Hello Anthony,
Verify if the device supports MAC address ACLs:
700-799  48-bit MAC address access list
Try to create an ACL like:
access-list 700 deny NIC-mac 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
Hope to help
Giuseppe
10-09-2009 01:20 PM
Yes, the 3750 switch supports that ACL type. Then what do I do?
10-09-2009 01:15 PM
Hi,
You can set dot1x authentication, as that will give you complete control over users trying to connect.
You can do machine and user authentication.
Or
You can set up the port security feature, which will only allow a specific MAC to connect.
Regards,
~JG
Do rate helpful posts
10-09-2009 01:25 PM
I'm trying to deny a client based on the mac-address because the machine has a virus and needs to be cleaned.
In the CatOS, there was a command "set cam static filter HHHH.HHHH.HHHH" which would deny that MAC address access to the switch. I'm looking for something as simple in the IOS software running on the 3750G.
10-09-2009 01:44 PM
Hi,
Please check this link,
Another simple way,
Switch(config)#mac address-table static 000f.1f43.e62a vlan 8 drop
Below is the explanation of the command:
mac address-table static drop
Use the mac address-table static drop global configuration command on the
switch stack or on a standalone switch to enable unicast MAC address
filtering and to configure the switch to drop traffic with a specific source
or destination MAC address. Use the no form of this command to return to the
default setting.
mac address-table static mac-addr vlan vlan-id drop
no mac address-table static mac-addr vlan vlan-id
Regards,
~JG
Do rate helpful posts
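An added example, not part of the original thread or of Cisco's documentation: a Python helper that takes a MAC address in any common notation and emits the mac address-table static ... drop lines from the answer above, one per VLAN (the entry is per-VLAN), plus the no form to lift the block once the machine is cleaned. The function names and sample inputs are assumptions made for illustration; group addresses are rejected because the command provides unicast MAC filtering.

```python
import re


def to_cisco_mac(mac: str) -> str:
    """Normalize a MAC in any common notation to Cisco dotted form hhhh.hhhh.hhhh."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # The drop filter is for unicast addresses. A set I/G bit (lowest bit of the
    # first octet) marks a group address, which also covers broadcast.
    if int(digits[0:2], 16) & 0x01:
        raise ValueError(f"multicast/broadcast MAC cannot be used: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def quarantine_commands(mac: str, vlans, undo: bool = False) -> list:
    """Build global-config lines that drop (or, with undo=True, restore) the MAC.

    One line is produced per VLAN, de-duplicated and sorted, because the static
    drop entry only applies to the VLAN it names.
    """
    cisco_mac = to_cisco_mac(mac)
    lines = []
    for vlan in sorted(set(vlans)):
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN id out of range: {vlan}")
        base = f"mac address-table static {cisco_mac} vlan {vlan}"
        lines.append(f"no {base}" if undo else f"{base} drop")
    return lines


if __name__ == "__main__":
    # Constructed input: the MAC from the thread as an OS would typically print it.
    infected = "00-0F-1F-43-E6-2A"
    print("\n".join(quarantine_commands(infected, [8])))
    print("\n".join(quarantine_commands(infected, [8], undo=True)))
```
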