Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Creating mac ACL to block web access

Hi experts

I've got a scenario where I need to block some hosts using their mac address from accessing internet on port 80. How can I do that? currently I can only create a MAC address based ACL or IP based ACL, not something with both

I need to do this because I've got a DHCP serving the area, though I can fix the host mac to a static IP in DHCP, but users can still change the IP and get around it.

My equipment consists of 2801 Router and 3560 switch


Re: Creating mac ACL to block web access

You can use CBAC. CBAC intelligently filters TCP and UDP packets based on application-layer protocol session information. You can configure CBAC to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network you want to protect. CBAC can inspect traffic for sessions that originate from either side of the firewall, and CBAC can be used for intranet, extranet, and Internet perimeters of your network.

New Member

Re: Creating mac ACL to block web access

whats a CBAC? I don't intend to have a firewall in place