Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VLAN ACCESS LIST , MAC BASED FILTERING

Hi all I am having A C4500 distribution layer switch connected to 5 access layer switches i want to block a user connecting to the lan on the basis of MAC ADDRESS

i wrote an VLAN ACCESS LIST to match the mac address of the user using mac access list and then mapping the vlan access list to all the vlans

I thought it would solve the problem but i am not able to do the required

Am i Wrong ? If u want i can send you the configuration please help me in this regard

3 REPLIES
Cisco Employee

Re: VLAN ACCESS LIST , MAC BASED FILTERING

Please provide the following information:

1) Which vlan is the user you want to block.

2) What subnets do you want to block for that user

3) Post the MAC based ACL that you created.

4) Post the output of 'show vlan filter'

Community Member

Re: VLAN ACCESS LIST , MAC BASED FILTERING

under enable mode i sometimes use mac-address-table static xxxx.xxxx.xxxx vlan x deny. This will block the MAC from accessing the network. No need for an ACL.

Silver

Re: VLAN ACCESS LIST , MAC BASED FILTERING

i tested it sucessfully on my 6500 with this syntax:

mac-address-table static 0004.231c.d91f vlan 111 drop

395
Views
5
Helpful
3
Replies
CreatePlease to create content