Solved: Re: Blocking Certain MAC Addresses - Cisco Community

395

Views

4

Helpful

3

Replies

Is it possible on a switch to PREVENT certain MAC addresses from connecting to a port ? I am aware that with commands such as :-

switchport port-security

switchport mode access

switchport port-security mac-address xxxx.yyyy.zzzz

switchport port-security mac-address sticky

switchport port-security maximum max

switchport port-security violation { protect | restrict | shutdown }

it is possible to allow only certain MAC addresses to connect to the port. However are there any commands which can EXCLUDE some particular MAC address, (without having to follow the above approach of defining all the allowed MAC addresses) ?

1 Accepted Solution

Accepted Solutions

Go to this link and refere to MAC ACL,

http://www.cisco.com/en/US/products/ps6406/products_command_reference_chapter09186a00805f46f1.html#wp2782860

e..g

mac access-list extended MACs-allowed

permit host xxxx.xxxx.xxxx any

int fa0/1

mac access-group MACs-allowed in

int fa0/2

mac access-group MACs-allowed in

HTH

Jorge

Jorge Rodriguez

View solution in original post

3 Replies 3

Go to this link and refere to MAC ACL,

http://www.cisco.com/en/US/products/ps6406/products_command_reference_chapter09186a00805f46f1.html#wp2782860

e..g

mac access-list extended MACs-allowed

permit host xxxx.xxxx.xxxx any

int fa0/1

mac access-group MACs-allowed in

int fa0/2

mac access-group MACs-allowed in

HTH

Jorge

Jorge Rodriguez

Hi Friend,

Mac Acl can be used only to restrict non ip traffic. As far as your requirement goes I believe port securty is the best option.

HTH

Ankur

Rossua, I have to agree with Ankur..in this case your best bet is port security, I am not aware of a way to exclude some mac address in port security. In this case the MAC access list woul be for non-ip traffic,

e.g. bridging would be an example of applying the mac acl.

Jorge Rodriguez

Review Cisco Networking products for a $25 gift card