
Filter MAC addresses on a Cat3500XL?

andy.cruz
Level 1

I believe I can use 'mac access-list extended' command to filter MAC addresses on a Catalyst 3550 although it was also mentioned that MAC access list numbers from 700 to 799 are not supported. Since it is not mentioned (or included) in the Catalyst 3500XL's documentation, does it mean it's not possible to filter MAC addresses on the 3500XL? I cannot verify this now because I don't have a 3500XL yet. I just wanted to know if MAC address filtering is possible on this switch.

Thanks in advance.

6 Replies

raymong
Level 4

Yes, you can use the 'mac access-list extended' command on the CAT3550 to create an ACL for non IP traffic based on MAC address. Refer to the following link for a complete list of commands supported on the CAT3550.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_command_reference_book09186a00800c6ec0.html

But I don't think the 3500XL can do it.

I was wrong. This is from one of my 3548XL switches

HQ2910-TC2-Sw3(config)#mac ?

access-list Named access-list

address-table Configure the MAC address table

HQ2910-TC2-Sw3(config)#mac access-list ?

extended Extended Access List

HQ2910-TC2-Sw3(config)#mac access-list ext ?

WORD access-list name

HQ2910-TC2-Sw3(config)#mac access-list ext

Thanks for the reply. Would you mind telling me what IOS version you are using?

You can enable port security on that interface.

set port security 2/1 enable

Console (enable) set port security 2/1 enable 00-90-2b-03-34-08

Port 2/1 port security enabled with 00-90-2b-03-34-08 as the secure mac address

Trunking disabled for Port 2/1 due to Security Mode

Console (enable)

Where 2/1 is the Server port.

You can see more detail at the link below:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/7.x/configuration/guide/sec_port.html

In wireless network devices like wireless access points, wireless routers, etc., there is an option for MAC filtering. The wireless routers / access points connect only to those devices whose MAC addresses have already been approved to connect to them (using a list of whitelisted MAC addresses that is already stored inside them). This provides some basic level of security and can prevent casual network browsers from connecting to the wireless network. But MAC filtering does not give adequate security for wireless networks due to MAC spoofing, which is discussed below.

In fact, MAC filtering is also employed to provide selective access to other types of network devices like wired switches, etc. Even multiple VLANs (Virtual LANs) can be formed, each containing a group of devices with certain MAC addresses. When using a corporate directory authentication like LDAP / RADIUS / Active Directory, it is possible to verify both user id / password (and) device MAC address before giving network access to a user.
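An added example, not part of the thread: the two controls the replies mention (a named MAC extended ACL and port security), written in Catalyst 3550 IOS syntax for one access port. The ACL name and interface number are assumptions, the MAC is the thread's 00-90-2b-03-34-08 in IOS dotted notation, and this has not been checked against a 3500XL image.

```cisco
! Added example (Catalyst 3550 IOS syntax). SERVER-MAC-ONLY and
! FastEthernet0/1 are assumed names, not taken from the thread.
!
! 1) Named MAC extended ACL. As the first reply notes, on the 3550 this
!    filters non-IP traffic only, so on its own it does not stop IP
!    frames arriving from other source MACs.
mac access-list extended SERVER-MAC-ONLY
 permit host 0090.2b03.3408 any
 deny any any
!
interface FastEthernet0/1
 switchport mode access
 ! Apply the MAC ACL to inbound frames on this Layer 2 port.
 mac access-group SERVER-MAC-ONLY in
 ! 2) Port security. Restricts which source MAC may send any traffic
 !    (IP or non-IP) on the port; the IOS counterpart of the CatOS
 !    "set port security 2/1 enable <mac>" shown in the thread.
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0090.2b03.3408
 ! Err-disable the port when a frame from any other source MAC arrives.
 switchport port-security violation shutdown
```

`show access-lists` and `show port-security interface FastEthernet0/1` display the resulting state. Both controls key on the source MAC address alone, which is the limitation the last reply raises.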