IP packet filtering based on MAC addresses

Unanswered Question
Jun 24th, 2002
User Badges:
  • Bronze, 100 points or more

Can I do IP packet filtering based on MAC addresses when I have IP routing enabled on a cisco router (ethernet)?

I would like to allow certain ethernet host on my network. They all have the same unique OUI. However our network uses IP routing , not bridging. Is there a way to define an access-list based on MAC addresses when I use routing ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Mon, 06/24/2002 - 14:38
User Badges:


I dont think so but you could go round this.

Configure the LAN interface for bridging

and apply the MAC access-list to the incoming ethernet

interface. You then enable IRB and creat an interface BVI

which is which would be the point where bridged ethernet traffic

enters the routed network.


int ethernet 0

bridge-group 1

bridge-group 1 input-address-list 702


interface bvi 1

ip address -->an address for the subnets used for host on the LAN


bridge 1 protocol ieee

bridge irb

bridge 1 route ip


access-list 702 permit 0002.4b00.0000 0000.00ff.ffff

Hope it helps




This Discussion