cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2286
Views
5
Helpful
4
Replies

Mac access-list not working in Cisco 4500

sagar.shetty
Level 1
Level 1

Hi,

I am trying to use deny mac acl in the 4500 series switch runnning cisco IOS but the command seems to be not working.

Here is the command,

mac access-list extended ABC

deny host 0001.8052.25FF any

int f4/11

mac access-group ABC in

Is there anything I am missing or is it a bug.

Thanks,

4 Replies 4

Prashanth Krishnappa
Cisco Employee
Cisco Employee

What type of traffic are you trying to deny? Mac access-list applies only to non-IP traffic.

PS: Remember to rate useful posts.

Hi Prashanth,

Thanks for the reply. I have been trying to restrict IP traffic based on mac access-list. I have already configured this on 2950 for allow access and it is working fine. But the same kind of access-list when put in 4500 doesnot seem to be working.

Basically, I want specific mac-address not to connect to the network.

Thanks,

Hello Sagar Shetty,

I just replied to another similar qtn. I'm cannot be certain as to why the mac acl is not working. It could be a number of reasons and 'bug' is most definately one of them.

Anyhow, have you considered using port based security?. If not take a read from the following url:

<http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a2c.html>

hth

Ajaz Nawaz

4500 the Mac access-list works a little different than 29XX and 37XX switches. Unlike 2K and 3k switches, here the ARP traffic is not blocked by default. We have to use the "arp-non-ipv4" suffix.

Example.

Dist-1#sh access-lists test1

Extended MAC access list test1

    deny   host 406c.8f58.9380 any protocol-family arp-non-ipv4

    permit any any

Agreed that Mac ACL doesn't block ipv4 traffic, but if we are using the ACL on edge access ports, blocking the ARP will stop the host from intializing and thus stops IPV4 as well.

Cheers,

Akshay

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: