Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco 1711 router (ACL)

Can you block a particular MAC address via an access-list?

  • Other Network Infrastructure Subjects
5 REPLIES
Silver

Re: Cisco 1711 router (ACL)

access-lists in the range of 700-799 should be for mac addresses.

ex: access-list 700 deny 0800.2000.0000 0000.00FF.FFFF

Hope this helps.

Steve

Silver

Re: Cisco 1711 router (ACL)

With some creativity you can.

You can use static ARP entry for that particular host. Create an ACL to block the IP address.

For instance

arp 192.168.11.1 00-60-97-d5-26-ab FastEthernet 0/0

Router

ip access-list standard 1

deny ip host 192.168.11.1

permit ip any

HTH

New Member

Re: Cisco 1711 router (ACL)

I did find the example posted above:

ex: access-list 700 deny 0800.2000.0000 0000.0000.0000

Also, I'm not familiar with static arp entries. Could you post an example?

Thanks

Silver

Re: Cisco 1711 router (ACL)

See my example above.

Silver

Re: Cisco 1711 router (ACL)

The static arp example is a unique way to permantly bond an IP and MAC address. Thus allowing you the ability to block it using a normal IP access-list. If you are sure you want to block just that 1 MAC address I would use the access-list 700 instead.

256
Views
0
Helpful
5
Replies
This widget could not be displayed.