Blocking a mac address with a vlan-access map not working
I need to block a specific mac address from our LAN. I put in place the vlan filter below, but it seems that I got it wrong, as the mac still popps up after clearing the arp cache. Any suggestions on where I went wrong?
mac access-list extended USER1 permit host b8ac.6f6a.5e5c any mac access-list extended log
vlan access-map BLOCK_USER1 10 action drop match mac address USER1 log
Re: Blocking a mac address with a vlan-access map not working
Thanks for the response. I cleared the arp cache after applying the filter to the vlan. The mac address popped up the next day in the vlan. This is an access switch so there is only the one vlan on it.
Re: Blocking a mac address with a VLAN-access map not working
VACL's will stop the switch from seeing the MAC address. DHCP, ARP, etc will not be looked at by VACL's. VACL's only work on intervlan L2 traffic and not on L3 traffic so it will not totally block all access. I think dot1x security might be something for this but I am not that familiar with that to know.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...