Cisco Support Community
New Member

catalyst ACL

can we ban MAC addresses (port based ACL) on catalyst L2 switches?

tx in advance

3 REPLIES
Purple

Re: catalyst ACL

Which particular switch are you looking at?

On the 3550s, for example, you can restrict the MAC addresses that can be on a port by using the following command:

switchport port-security mac-address

Hope that helps - pls rate the post if it does.

Regards,

Paresh

Purple

Re: catalyst ACL

I probably did not answer your question fully..

On most of the platforms, you can apply access-lists to an interface that will deny MAC addresses as specified in a MAC access-list.

Hope that helps - pls rate the post if it does.

Regards,

Paresh
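
Added example, not part of the replies above: a named MAC extended ACL applied inbound on a Layer 2 port, which is the approach the second reply describes. The ACL name BLOCK-MAC and interface FastEthernet0/1 are assumed, the MAC address is the one used elsewhere in this thread, and on many Catalyst platforms a port MAC ACL filters only non-IP traffic, so confirm the behaviour in the platform's configuration guide.

```cisco
! Assumed names: BLOCK-MAC (ACL), FastEthernet0/1 (access port)
configure terminal
!
! Named MAC extended ACL: drop frames sourced from the unwanted host,
! then permit everything else (an ACL ends with an implicit deny).
mac access-list extended BLOCK-MAC
 deny   host 0020.1223.e3f4 any
 permit any any
 exit
!
! Apply the ACL inbound on the Layer 2 port where the host may appear.
interface FastEthernet0/1
 mac access-group BLOCK-MAC in
 end
!
! Verify the ACL contents and where it is applied.
show access-lists BLOCK-MAC
show mac access-group interface FastEthernet0/1
```

The ACL has to be applied on every port where the address could show up, and a spoofed source MAC bypasses it, so treat it as housekeeping rather than authentication.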

VIP Purple

Re: catalyst ACL

Hello,

as an alternative, if you have an unused port on your switch, you could blackhole traffic for a specific MAC address, which will effectively block that MAC address from the entire switch. In the example below, interface GigabitEthernet0/2 is unused:

mac-address-table static 0020.1223.e3f4 interface GigabitEthernet0/2

Since static entries take precedence over dynamic entries, all traffic for that MAC address will effectively be dropped.

Regards,

GP
