08-12-2007 04:40 AM - edited 03-05-2019 05:51 PM
Is it possible on a switch to PREVENT certain MAC addresses from connecting to a port? I am aware that with commands such as:
switchport port-security
switchport mode access
switchport port-security mac-address xxxx.yyyy.zzzz
switchport port-security mac-address sticky
switchport port-security maximum max
switchport port-security violation { protect | restrict | shutdown }
it is possible to allow only certain MAC addresses to connect to the port. However, are there any commands which can EXCLUDE some particular MAC address (without having to follow the above approach of defining all the allowed MAC addresses)?
08-12-2007 05:45 AM
Go to this link and refer to MAC ACL,
e.g.
mac access-list extended MACs-allowed
permit host xxxx.xxxx.xxxx any
int fa0/1
mac access-group MACs-allowed in
int fa0/2
mac access-group MACs-allowed in
HTH
Jorge
08-12-2007 07:28 AM
Hi Friend,
MAC ACL can be used only to restrict non-IP traffic. As far as your requirement goes, I believe port security is the best option.
HTH
Ankur
08-12-2007 08:48 AM
Rossua, I have to agree with Ankur. In this case your best bet is port security; I am not aware of a way to exclude some MAC address in port security. In this case the MAC access list would be for non-IP traffic, e.g. bridging would be an example of applying the MAC ACL.
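The thread settles on port security, which means an excluded MAC has to be handled by listing every allowed address instead. As an added example (not posted by anyone in the thread), this Python script builds that allow-list for one access port from the MACs seen on it minus the ones to exclude; the function names, the sample addresses and the default `restrict` mode are assumptions.

```python
import re

def to_cisco(mac: str) -> str:
    """Normalize aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff to Cisco dotted form."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def port_security_config(interface, observed, denied, violation="restrict"):
    """Return IOS config lines allowing the observed MACs minus the denied ones."""
    if violation not in ("protect", "restrict", "shutdown"):
        raise ValueError(f"unknown violation mode: {violation!r}")
    deny = {to_cisco(m) for m in denied}
    allowed = []
    for mac in map(to_cisco, observed):
        # Skip excluded addresses and duplicates written in another notation.
        if mac not in deny and mac not in allowed:
            allowed.append(mac)
    if not allowed:
        raise ValueError("every observed MAC is denied; refusing to emit an empty allow-list")
    lines = [
        f"interface {interface}",
        " switchport mode access",
        " switchport port-security",
        # maximum equals the allow-list size, so no further address can be learned
        f" switchport port-security maximum {len(allowed)}",
        f" switchport port-security violation {violation}",
    ]
    lines += [f" switchport port-security mac-address {m}" for m in allowed]
    return lines

# Constructed sample data: one address appears twice in different notations,
# and one observed address is on the exclusion list.
OBSERVED = ["00:11:22:33:44:55", "0011.2233.4455", "AA-BB-CC-DD-EE-FF", "de:ad:be:ef:00:01"]
DENIED = ["DEAD.BEEF.0001"]

if __name__ == "__main__":
    print("\n".join(port_security_config("fa0/1", OBSERVED, DENIED)))
```

Leaving out `mac-address sticky` is deliberate here: with sticky learning and a free slot, the excluded address could be learned and allowed.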