09-29-2008 12:35 AM - edited 03-06-2019 01:39 AM
Hi everyone.
I'm trying to find out how I can configure a "MAC Access-list" to allow only HP Devices through a switch port.
I have never used this feature before and cannot seem to find any examples of how to do it ..
Can anyone help ?
09-29-2008 12:36 AM
Sorry, this is being done on Cisco 2960 & 3750 switches.
cheers
09-29-2008 12:55 AM
Mike,
I would config something like:-
mac access-list ext filtermac
permit host 0000.0000.0001 any
permit host 0000.0000.0002 any
permit host 0000.0000.0003 any
HTH>
09-29-2008 01:04 AM
Hi Andrew
Thanks for the reply. But I need to allow any HP device only and block the rest.
mac access-list ext filtermac
permit host 001b.38xx.xxxx any
Something like above. I'm unsure of the syntax or if it can be done ?
09-29-2008 02:22 AM
To be honest I have never tried to block only part of a MAC address, but I suppose it's possible.
I would try something like:-
mac access-list ext filtermac
permit host 001b.38FF.FFFF any
As the f = broadcast = does not matter, try it out on a non-production switch port with a test HP NIC on it?
HTH>
09-29-2008 02:27 AM
Hi
I have just tried that with no luck using a Dell Laptop. I have also tried it with zeroes as well with no luck.
mac access-list extended DELLONLY
permit host 0015.c5ff.ffff any
09-29-2008 02:28 AM
If I specify the full mac address it works no problem.. But I need to find a way to only allow HP Laptops which will mean wildcarding out a portion of the mac address ..
09-29-2008 02:36 AM
OK - then I would turn logging on at debugging and see what is going on, and refine the ACL that way?
HTH>
09-29-2008 04:19 AM
Hello Andrew
For some strange reason, it has decided to work. But I do not know why ... I just started a constant ping and up it came ...
However, it has caused another issue and that is from time to time the pings fail for about 30 packets and then resume ...
09-29-2008 04:23 AM
I would check the following:-
1) Spanning tree
2) Does the server have dual NICs?
3) If answer to question 2 is yes - check teaming config
HTH>
09-29-2008 04:27 AM
I only have a single switch for this testing. Spanning Tree is set to rapid, portfast is enabled and the laptop I'm using only has one connection.
The loss of packets has not occurred for some time now ...
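
Added example, not written by any poster in this thread: a small Python model of how a named MAC extended ACL entry matches a source address, showing why the `host` form tried above matches one exact address while an address-plus-wildcard-mask entry covers a whole OUI. The `address mask` entry follows the Catalyst `mac access-list extended` syntax; the sample addresses are constructed, and only the source field is modelled (destination assumed to be `any`).

```python
# Added example: models source-MAC matching for named MAC extended ACL entries.
# Only the source field is modelled; the destination is assumed to be "any".

def mac_to_int(mac):
    """Convert dotted-hex notation (e.g. 001b.3812.3456) to a 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: " + mac)
    return int(digits, 16)

def parse_entry(line):
    """Return (action, address, wildcard) for 'permit|deny <source> any'."""
    tokens = line.split()
    action, src = tokens[0], tokens[1:-1]    # last token is the destination
    if action not in ("permit", "deny") or tokens[-1] != "any":
        raise ValueError("unsupported entry: " + line)
    if src == ["any"]:
        return action, 0, 0xFFFFFFFFFFFF      # every bit is "don't care"
    if len(src) == 2 and src[0] == "host":
        return action, mac_to_int(src[1]), 0  # all 48 bits must match
    if len(src) == 2:
        return action, mac_to_int(src[0]), mac_to_int(src[1])
    raise ValueError("unsupported source: " + line)

def evaluate(acl_lines, source_mac):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = mac_to_int(source_mac)
    for line in acl_lines:
        action, addr, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFFFFFF     # bits that must be equal
        if (src & care) == (addr & care):
            return action
    return "deny"

# Entry as posted in the thread: "host" compares all 48 bits.
HOST_FORM = ["permit host 001b.38ff.ffff any"]
# Address plus wildcard mask: the first 24 bits (the OUI used in the thread)
# must match; the last 24 bits are ignored.
OUI_FORM = ["permit 001b.3800.0000 0000.00ff.ffff any"]

# Constructed sample addresses (OUIs taken from the thread, host parts invented).
SAMPLES = ["001b.3812.3456", "001b.38ff.ffff", "0015.c5aa.bbcc"]

if __name__ == "__main__":
    for mac in SAMPLES:
        print(mac, "host form:", evaluate(HOST_FORM, mac),
              "| OUI form:", evaluate(OUI_FORM, mac))
```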