Cisco Support Community
Community Member

Layer 2 - Access Lists

Hi everyone.

I'm trying to find out how I can configure a "MAC Access-list" to allow only HP Devices through a switch port.

I have never used this feature before and cannot seem to find any examples of how to do it.

Can anyone help?

Community Member

Re: Layer 2 - Access Lists

Sorry, this is being done on Cisco 2960 & 3750 switches.

cheers

Re: Layer 2 - Access Lists

Mike,

I would config something like:-

mac access-list ext filtermac

permit host 0000.0000.0001 any

permit host 0000.0000.0002 any

permit host 0000.0000.0003 any

HTH>

Community Member

Re: Layer 2 - Access Lists

Hi Andrew

Thanks for the reply. But I need to allow any HP device only and block the rest.

mac access-list ext filtermac

permit host 001b.38xx.xxxx any

Something like above. I'm unsure of the syntax or if it can be done?

Re: Layer 2 - Access Lists

To be honest I have never tried to block only part of a MAC address, but I suppose it's possible.

I would try something like:-

mac access-list ext filtermac

permit host 001b.38FF.FFFF any

As the f = broadcast = does not matter, try it out on a non-production switch port with a test HP NIC on it?

HTH>

Community Member

Re: Layer 2 - Access Lists

Hi

I have just tried that with no luck using a Dell Laptop. I have also tried it with zeroes as well with no luck.

mac access-list extended DELLONLY

permit host 0015.c5ff.ffff any

Community Member

Re: Layer 2 - Access Lists

If I specify the full MAC address it works no problem. But I need to find a way to only allow HP laptops, which will mean wildcarding out a portion of the MAC address.

Re: Layer 2 - Access Lists

OK - then I would turn logging on a debugging and see what is going on, and refine the ACL that way?

HTH>

Community Member

Re: Layer 2 - Access Lists

Hello Andrew

For some strange reason, it has decided to work. But I do not know why ... I just started a constant ping and up it came ...

However, it has caused another issue and that is from time to time the pings fail for about 30 packets and then resume ...

Re: Layer 2 - Access Lists

I would check the following:-

1) Spanning tree

2) Does the server have dual NICs?

3) If answer to question 2 is yes - check teaming config

HTH>

Community Member

Re: Layer 2 - Access Lists

I only have a single switch for this testing. Spanning Tree is set to rapid, portfast is enabled and the laptop I'm using only has one connection.

The loss of packets has not occurred for some time now ...
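
An added example, not part of any post in this thread: a small Python model of how a MAC ACL source field is evaluated, comparing the `host` entry posted above with an entry that wildcards the lower 24 bits. It assumes the `address mask` source form with wildcard semantics (a 1 bit in the mask means "ignore this bit"); the sample NIC addresses are constructed.

```python
# Added example: model of MAC ACL source matching. Assumes wildcard-mask
# semantics (mask bit 1 = ignore). Test addresses below are constructed.
MASK48 = 0xFFFFFFFFFFFF

def mac_to_int(mac):
    """Parse Cisco dotted (001b.38ab.cdef) or colon/hyphen notation to an int."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)

def int_to_cisco(value):
    h = f"{value:012x}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"

def parse_source(ace):
    """Return (address, wildcard) for the source of 'permit|deny <src> <dst>'."""
    tokens = ace.split()
    if tokens[1] == "any":
        return 0, MASK48
    if tokens[1] == "host":          # host = exact match, no bits ignored
        return mac_to_int(tokens[2]), 0
    return mac_to_int(tokens[1]), mac_to_int(tokens[2])

def acl_permits(aces, src_mac):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = mac_to_int(src_mac)
    for ace in aces:
        addr, wild = parse_source(ace)
        if (src ^ addr) & ~wild & MASK48 == 0:
            return ace.split()[0] == "permit"
    return False

def oui_ace(any_mac_in_block):
    """Build a permit entry covering every address under the 24-bit prefix."""
    base = mac_to_int(any_mac_in_block) & 0xFFFFFF000000
    return f"permit {int_to_cisco(base)} 0000.00ff.ffff any"

THREAD_ACE = "permit host 001b.38FF.FFFF any"   # entry as posted in the thread
WILDCARD_ACE = oui_ace("001b.38FF.FFFF")        # same prefix, low 24 bits ignored

if __name__ == "__main__":
    for nic in ("001b.3812.3456", "001b.38ff.ffff", "0015.c5aa.bbcc"):
        print(nic, acl_permits([THREAD_ACE], nic), acl_permits([WILDCARD_ACE], nic))
```

A prefix match of this kind only identifies the vendor block a frame claims to come from; a source MAC address can be changed by the host.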
