Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configuring a MAC access-list on 2950 switch

Hi, I am trying to configure a mac access-list on a cisco 2950 switch running version 12.1(22)EA10a. I have no problem configuring the actual mac access-list itself but when i come to apply it interface fa0/1 for example the 'mac access-group' command is not visible. I have the interface setup as a switchport to access vlan 1. Can anyone advise what im missing here?

Thanks in advance.

5 REPLIES
New Member

Re: Configuring a MAC access-list on 2950 switch

Hi, untill now i've never seen an access-list created the way u want to do it. But who am i, i haven't much experince yet.

But i think maby you mean the "switchport port-security" command. With this command [and subcommands] u can secure a switchport.

for example:

SW2(config)#int fast 0/5

SW2(config-if)#switchport mode access

SW2(config-if)#switchport port-security

SW2(config-if)#switchport port-security ?

aging Port-security aging commands

mac-address Secure mac address

maximum Max secure addresses

violation Security violation mode

SW2(config-if)#switchport port-security maximum 2

SW2(config-if)#switchport port-security violation protect

this was just 1 example, hope it could help.

bye flash...

New Member

Re: Configuring a MAC access-list on 2950 switch

Hi Flash, thanks for your reply. I am aware that you can use port security to secure a mac address against a port, however this feature does not allow you to configure the same mac address on multiple ports. This is why I was looking into using a 'mac access-list' to control access. As previously stated I have no problem actually configuring the mac-access list, the issue is that when I try to apply it to the interface the 'mac access-group' command is not present.

New Member

Re: Configuring a MAC access-list on 2950 switch

I am running into this issue, as well. Have you found a resolution?

Thanks,

Ed

New Member

Re: Configuring a MAC access-list on 2950 switch

Hi Ed, in the end I gave up and went with 802.1x port based authentication instead which requires the user to enter a username and password to enable the LAN port, the downside to this though is that you require a radius server to do the authentication.

New Member

Re: Configuring a MAC access-list on 2950 switch

You don't apply it to the interface; you should apply it to the vlan interface -2950 is a layer 2 switch.

Please let me know if this helps. Thanks.

443
Views
0
Helpful
5
Replies