
Catalyst 4506 MAC address ACL

Hi,

How do I enter the MAC addresses into the switch? I only want to provide access for known MAC addresses.

When a user from the internet uses VPN, can the user still work?


Re: Catalyst 4506 MAC address ACL

Hi,

MAC access lists have numbers between 700-799, for example:

access-list 700 deny ac5f.87d4.87bb 0000.0000.0000

access-list 700 permit 0000.0000.0000 ffff.ffff.ffff

For connections where a router is present, the source MAC address might be from the router. If you configure a VPN tunnel, for example, between two routers with multiple routers in the path, the received frame will have the MAC address of the tunnel router at the remote site because the original frames are tunneled. However, the router will still change the source MAC address when the data is sent to a user, unless you configure bridging and disable routing on the bridged interface.

If you need this kind of security, I think it would be easier to configure dot1x authentication on the switch, and install the dot1x software on the client. This method is also used for wireless LANs because it is more secure than any authentication keys sent through the air.

Hope I helped

Jawad
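
An added example, not part of the original thread: a small Python evaluator showing how the address and wildcard-mask pair in a 700-series list is matched (a mask bit of 1 means "ignore this bit"), with first-match-wins ordering and the implicit deny at the end. List 701 and every address other than the one in the reply are constructed for illustration.

```python
import re

def mac_to_int(text):
    """Parse a MAC written with '.', ':' or '-' separators into a 48-bit int."""
    digits = re.sub(r"[.:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)

def parse_acl(config, number):
    """Return [(action, address, wildcard)] for one numbered MAC access list."""
    entries = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "access-list":
            continue  # blank line or unrelated configuration
        if fields[1] != str(number):
            continue  # entry belongs to a different list
        if fields[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        entries.append((fields[2], mac_to_int(fields[3]), mac_to_int(fields[4])))
    return entries

def evaluate(entries, source_mac):
    """First matching entry wins; a frame that matches nothing is denied."""
    src = mac_to_int(source_mac)
    for action, address, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFFFFFF  # keep only the bits that must match
        if (src & care) == (address & care):
            return action
    return "deny"  # implicit deny that ends every access list

# Constructed sample lists. 700 has the shape shown in the reply (block one
# address, permit the rest); 701 is an allow-list with no final permit.
BLOCK_ONE = """
access-list 700 deny ac5f.87d4.87bb 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
"""
ALLOW_KNOWN = """
access-list 701 permit 0011.2233.4455 0000.0000.0000
access-list 701 permit 0011.2233.4400 0000.0000.00ff
"""

if __name__ == "__main__":
    for cfg, num in ((BLOCK_ONE, 700), (ALLOW_KNOWN, 701)):
        acl = parse_acl(cfg, num)
        for mac in ("ac5f.87d4.87bb", "0011.2233.44a7", "dead.beef.0001"):
            print(num, mac, evaluate(acl, mac))
```

With list 701, only the listed addresses pass, because everything else reaches the implicit deny; with list 700, everything except the single denied address passes.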
