On c3750 switch running 12.2(55)SE2, as an alternate to static port security I'm trying to use MAC acl on a group of switch ports in a lab area where users need to be able to move around to different ports. ACL looks like this:
Extended mac accesslist lab
permit host <mac address#1> any
permit host <mac address#2> any
permit host <mac address#3> any
deny any any
and applied to desired ports
mac access-group lab in
As far as I can tell the acl has no effect in filtering mac addresses either to permit or deny. What am I missing?
Yes I see where you mean, I believe the thing is in the doc there is first a description of a mac acl <700-799> which is available as an option on switches running in layer 3 IP routing mode ,then followed by mac access-list extended, which for what ever reason will only filter non-IP traffic. My 3750 switch is running IP Base IOS code at layer 2 and the only command option I'm seeing in that mode for mac acls is the mac access-list extended.
The capability of MAC ACLs to filter IP traffic depends very strongly on the particular platform. The link Alain posted is taken from the general IOS documentation and not from the documentation related to a particular switch. However, if looking specifically on 3750, this are the appropriate documents:
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.