New Member

lock vlan with mac address

Hi,

We are using a 3750 switch. We have three VLANs and we want to allow only the MAC addresses of our user PCs in the respective VLANs. So far we have not done this. Is there a way to import all the users' MAC addresses at one shot, as we have hundreds of users? Do I just create a MAC extended access list and apply it to an interface? Please help me out. Thanks.

6 REPLIES

lock vlan with mac address

Hi

So I understand you have 3 VLANs, and you have 3750 switchports configured as access ports; some switchports belong to VLAN x, others to VLAN y and others to VLAN z.

I think this configuration should work.

stack(config-if)#do sh run inter gig 2/3/4
Building configuration...

interface GigabitEthernet2/3/4
 switchport
 switchport mode access
 switchport access vlan x
 switchport port-security <=== Enables port-security
 switchport port-security mac-address sticky <=== mac-address will learn only one and the first mac address through that port.
 switchport port-security violation restrict
 shutdown
end

Regards.

Wilson B
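Added example (not part of the thread or any poster's code): one way to handle hundreds of addresses with the port-security approach above is to generate the static `switchport port-security mac-address` commands offline from an inventory file and paste the result. The CSV layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample inventory (interface, VLAN, MAC); not data from the thread.
SAMPLE_CSV = """interface,vlan,mac
GigabitEthernet1/0/1,10,00:1A:2B:3C:4D:5E
GigabitEthernet1/0/2,20,00-1a-2b-3c-4d-5f
GigabitEthernet1/0/2,20,001a.2b3c.4d60
GigabitEthernet1/0/3,30,01:00:5e:00:00:01
GigabitEthernet1/0/4,10,00:1A:2B:3C:4D:5E
GigabitEthernet1/0/5,10,not-a-mac
"""

def to_cisco_mac(raw):
    """Normalize a unicast MAC to IOS dotted form, e.g. 001a.2b3c.4d5e."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed MAC: {raw!r}")
    if int(digits[:2], 16) & 1:  # I/G bit set: multicast or broadcast
        raise ValueError(f"not a unicast MAC: {raw!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def build_config(csv_text):
    """Return (IOS config text, list of (interface, reason) for rejected rows)."""
    ports, seen, rejected = {}, {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        intf = row["interface"]
        try:
            mac = to_cisco_mac(row["mac"])
        except ValueError as exc:
            rejected.append((intf, str(exc)))
            continue
        if mac in seen:  # one MAC bound twice would cause violations
            rejected.append((intf, f"{mac} already on {seen[mac]}"))
            continue
        seen[mac] = intf
        ports.setdefault((intf, row["vlan"]), []).append(mac)
    lines = []
    for (intf, vlan), macs in ports.items():
        lines += [f"interface {intf}", " switchport mode access",
                  f" switchport access vlan {vlan}",
                  " switchport port-security",
                  f" switchport port-security maximum {len(macs)}",
                  " switchport port-security violation restrict"]
        lines += [f" switchport port-security mac-address {m}" for m in macs]
        lines.append("!")
    return "\n".join(lines), rejected
```

Review the rejected list before applying anything: a malformed or duplicated entry in the inventory is skipped rather than written into the configuration.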

New Member

Re: lock vlan with mac address

Thanks for the reply, Wilson. We have three VLANs configured on an L3 3750 switch which spans across six L2 2960 switches. We want to provide access only to the respective users in their respective VLANs. We want to have a MAC access list configured for this. Is there a way to import an access list in Cisco? Because once we create the access list, we will have to add hundreds of users. And is it enough if the access list is applied to the trunk ports in the L3 switch?

Re: lock vlan with mac address

Hi Aniruddha

It says: "We want to provide access only to the respective users in their respective vlans only"

Why would you like to configure a MAC access list? Why don't you just configure a regular access list and deny traffic from one broadcast domain to another, and then permit everything else?

Another path is to configure private VLANs, and configure as community VLANs those 3 VLANs configured in the layer 3 switches.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/configuration/guide/swpvlan.html

Btw I don't know of any method to import MAC addresses.

Regards.

Wilson B.

New Member

Re: lock vlan with mac address

I am sorry for not making myself clear. Actually, we do not want any of the users to connect any of their other devices, like laptops or anything else, to the network. It's a security measure that we were trying to implement as a part of the company policies.

Purple

lock vlan with mac address

Hi,

MAC ACLs won't work as they will only filter non-IP traffic.

The best way to achieve what you want is to use 802.1x with a RADIUS server and use MAB.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/config_guide_c17-663759.html

Regards

Alain

Don't forget to rate helpful posts.

New Member

lock vlan with mac address

Thanks a lot. I will surely go through the link.
