New Member

limit access to vlan with mac access-list not working

I am trying to limit access to my switches using a MAC access-list that allows only certain MACs to do ARP, and to assign this filter to a particular VLAN.

I set it up as follows:

*************************

mac access-list extended Allowed-mac
 permit host 0002.b305.7bab any 0x806 0x0
 permit host 001a.4b86.6fad any 0x806 0x0
vlan access-map forward-arp 10
 action forward
 match mac address CMB-Allowed-mac
vlan access-map forward-arp 20
 action drop
vlan filter forward-arp vlan-list 50

************************

Once I apply the filter to VLAN 50, ALL clients on this VLAN are unable to communicate, so it seems that the permitted hosts are not allowed.

Any idea where I'm wrong?

THANK YOU

3 REPLIES
New Member

Re: limit access to vlan with mac access-list not working

The correct running configuration is the following:

*************

mac access-list extended Allowed-mac
 permit host 0002.b305.7bab any 0x806 0x0
 permit host 001a.4b86.6fad any 0x806 0x0
vlan access-map forward-arp 10
 action forward
 match mac address Allowed-mac
vlan access-map forward-arp 20
 action drop
vlan filter forward-arp vlan-list 50

**************************

New Member

Re: limit access to vlan with mac access-list not working

This post may not be clear: I still have the problem, but the running configuration is not the first one I posted but the second.

Thank you.

New Member

Re: limit access to vlan with mac access-list not working

Solved with an access list applied on each port as follows:

**************

mac access-list extended Allowed-mac
 permit host 0002.b305.7bab any
 permit host 001a.4b86.6fad any
!
!
interface FastEthernet0/1
 switchport access vlan 50
 switchport mode access
 mac access-group Allowed-mac in
 spanning-tree portfast

******************
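
A simplified model of how the VLAN map from the second post treats frames in VLAN 50, added here as an example (it is not code from the thread or from Cisco). It assumes that access-map entries are tried in sequence order and that an entry with no match clause matches every frame; the sample frames and the MAC 0000.5e00.5301 are constructed.

```python
# Model of VLAN access-map evaluation (an assumption for illustration, not IOS code):
# entries are tried in sequence order, and an entry without a match clause
# matches every frame.
ARP, IPV4 = 0x0806, 0x0800

# ACL and map transcribed from the second post; each ACE is (source MAC, EtherType).
ACLS = {"Allowed-mac": [("0002.b305.7bab", ARP), ("001a.4b86.6fad", ARP)]}
FORWARD_ARP = [(10, "Allowed-mac", "forward"), (20, None, "drop")]

def acl_permits(acl, src_mac, ethertype):
    """True if an ACE permits this source MAC and EtherType (destination is 'any')."""
    return any(src_mac == mac and ethertype == etype for mac, etype in acl)

def vacl_action(access_map, acls, src_mac, ethertype):
    """Return (sequence, action) of the first map entry the frame matches."""
    for seq, acl_name, action in sorted(access_map, key=lambda e: e[0]):
        if acl_name is None or acl_permits(acls[acl_name], src_mac, ethertype):
            return seq, action
    return None, "no entry matched"  # unreachable here: entry 20 matches everything

# Constructed sample frames in VLAN 50; 0000.5e00.5301 stands for any host
# (a gateway, for example) that is not listed in Allowed-mac.
FRAMES = [
    ("ARP from listed host", "0002.b305.7bab", ARP),
    ("IPv4 from listed host", "0002.b305.7bab", IPV4),
    ("ARP from unlisted host", "0000.5e00.5301", ARP),
]

def evaluate(frames=FRAMES):
    """Map each frame label to the (sequence, action) the model assigns it."""
    return {label: vacl_action(FORWARD_ARP, ACLS, mac, etype)
            for label, mac, etype in frames}

if __name__ == "__main__":
    for label, (seq, action) in evaluate().items():
        print(f"{label:24} -> entry {seq}: {action}")
```

In this model only ARP sourced by the two listed MACs is forwarded by entry 10; IPv4 frames from those same hosts and every frame from other hosts in VLAN 50 fall through to entry 20.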
