Cisco Support Community
Community Member

Deny client access based on MAC address

I need to be able to deny a client machine access to the network based on the MAC address of the NIC.

How is this accomplished on a 3750G running 12.2.50 IOS?

Accepted Solutions

Re: Deny client access based on MAC address

Hi,

Please check this link,

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swacl.html#wp1289037

Another simple way,

Switch(config)#mac address-table static 000f.1f43.e62a vlan 8 drop

Below is the explanation of the command:

mac address-table static drop

Use the mac address-table static drop global configuration command on the switch stack or on a standalone switch to enable unicast MAC address filtering and to configure the switch to drop traffic with a specific source or destination MAC address. Use the no form of this command to return to the default setting.

mac address-table static mac-addr vlan vlan-id drop

no mac address-table static mac-addr vlan vlan-id

Regards,

~JG

Do rate helpful posts

5 REPLIES
Hall of Fame Super Silver

Re: Deny client access based on MAC address

Hello Anthony,

Verify if the device supports MAC address ACLs:

700-799   48-bit MAC address access list

Try to create an ACL like:

access-list 700 deny NIC-mac 0000.0000.0000

access-list 700 permit 0000.0000.0000 ffff.ffff.ffff

Hope to help

Giuseppe

Community Member

Re: Deny client access based on MAC address

Yes, the 3750 switch supports that ACL type. Then what do I do?

Re: Deny client access based on MAC address

Hi,

You can set dot1x authentication, as that will give you complete control over the user trying to connect.

You can do machine and user authentication.

Or

You can set up the Port security feature, which will only allow a specific MAC to connect.

Regards,

~JG

Do rate helpful posts

Community Member

Re: Deny client access based on MAC address

I'm trying to deny a client based on the mac-address because the machine has a virus and needs to be cleaned.

In the CatOS, there was a command "set cam static filter HHHH.HHHH.HHHH" which would deny that MAC address access to the switch. I'm looking for something as simple in the IOS sw running on the 3750G.

