mac access-list that allows a set of mac addresses and blocks all others

Unanswered Question

I'm trying to setup an internet vlan that I can give to users so they can put machines directly on the internet.  For security, I would like to make sure they send me the mac address first so I can verify that security policies are in place on the machine they are going to be putting on the internet.  So, I would like a setup like:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_example09186a0080470c39.shtml

except instead of specifying which mac addresses to block I would like to block everything and specify which mac addresses are actually allowed on the vlan.  Does anyone have any examples like in the document for this type of scenario?  I've changed some settings around but I can't have the access-map action of drop with an access-list of any -> any after the forward because it will still end up dropping everything.  Any ideas?

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Mon, 06/21/2010 - 23:21

I'm trying to setup an internet vlan that I can give to users so they can put machines directly on the internet.  For security, I would like to make sure they send me the mac address first so I can verify that security policies are in place on the machine they are going to be putting on the internet.  So, I would like a setup like:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_example09186a0080470c39.shtml

except instead of specifying which mac addresses to block I would like to block everything and specify which mac addresses are actually allowed on the vlan.  Does anyone have any examples like in the document for this type of scenario?  I've changed some settings around but I can't have the access-map action of drop with an access-list of any -> any after the forward because it will still end up dropping everything. Any ideas?

Thanks,

Check out the below link on mac-based acl cofniguration and prerequiste

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_macacls.pdf

Hope to Help !!

Ganesh.H

Actions

This Discussion

Related Content