Blocking Certain MAC Addresses

Is it possible on a switch to PREVENT certain MAC addresses from connecting to a port? I am aware that with commands such as:

switchport port-security

switchport mode access

switchport port-security mac-address xxxx.yyyy.zzzz

switchport port-security mac-address sticky

switchport port-security maximum max

switchport port-security violation { protect | restrict | shutdown }

it is possible to allow only certain MAC addresses to connect to the port. However, are there any commands which can EXCLUDE some particular MAC address (without having to follow the above approach of defining all the allowed MAC addresses)?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Blocking Certain MAC Addresses

Go to this link and refer to MAC ACL:

http://www.cisco.com/en/US/products/ps6406/products_command_reference_chapter09186a00805f46f1.html#wp2782860

e.g.

mac access-list extended MACs-allowed

permit host xxxx.xxxx.xxxx any

int fa0/1

mac access-group MACs-allowed in

int fa0/2

mac access-group MACs-allowed in

HTH

Jorge

3 REPLIES

Cisco Employee

Re: Blocking Certain MAC Addresses

Hi Friend,

MAC ACL can be used only to restrict non-IP traffic. As far as your requirement goes, I believe port security is the best option.

HTH

Ankur

Re: Blocking Certain MAC Addresses

Rossua, I have to agree with Ankur. In this case your best bet is port security; I am not aware of a way to exclude some MAC address in port security. In this case the MAC access list would be for non-IP traffic, e.g. bridging would be an example of applying the MAC ACL.
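
The ACL in the accepted answer is an allow list: it permits one host, and every other source hits the implicit deny at the end of the list. As an added example (not posted by anyone in this thread), the exclusion the question asks for is the same ACL inverted; the name MACs-blocked is hypothetical, and as the replies above state, a MAC ACL filters only non-IP traffic, so it does not keep that host's IP traffic off the port.

```cisco
! Added example. xxxx.xxxx.xxxx is a placeholder for the MAC to exclude;
! MACs-blocked is a hypothetical ACL name.
mac access-list extended MACs-blocked
 ! Drop non-IP frames sourced from the excluded host.
 deny   host xxxx.xxxx.xxxx any
 ! Without this line the implicit deny at the end of the ACL
 ! would drop non-IP frames from every other source as well.
 permit any any
!
interface FastEthernet0/1
 mac access-group MACs-blocked in
```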
