05-22-2006 08:58 PM - edited 03-03-2019 03:19 AM
Hi,
I am trying to use a deny MAC ACL on a 4500 series switch running Cisco IOS, but the command does not seem to be working.
Here is the command,
mac access-list extended ABC
deny host 0001.8052.25FF any
int f4/11
mac access-group ABC in
Is there anything I am missing, or is it a bug?
Thanks,
05-23-2006 04:53 AM
What type of traffic are you trying to deny? Mac access-list applies only to non-IP traffic.
PS: Remember to rate useful posts.
05-24-2006 09:25 PM
Hi Prashanth,
Thanks for the reply. I have been trying to restrict IP traffic based on a MAC access-list. I have already configured this on a 2950 to allow access and it is working fine. But the same kind of access-list, when put on the 4500, does not seem to be working.
Basically, I want specific mac-address not to connect to the network.
Thanks,
05-25-2006 03:43 AM
Hello Sagar Shetty,
I just replied to another similar question. I cannot be certain as to why the MAC ACL is not working. It could be a number of reasons and 'bug' is most definitely one of them.
Anyhow, have you considered using port based security? If not, take a read from the following URL:
hth
Ajaz Nawaz
03-22-2013 03:56 AM
On the 4500, the MAC access-list works a little differently than on 29XX and 37XX switches. Unlike 2K and 3K switches, here the ARP traffic is not blocked by default. We have to use the "arp-non-ipv4" suffix.
Example.
Dist-1#sh access-lists test1
Extended MAC access list test1
deny host 406c.8f58.9380 any protocol-family arp-non-ipv4
permit any any
Agreed that the MAC ACL doesn't block IPv4 traffic, but if we are using the ACL on edge access ports, blocking the ARP will stop the host from initializing and thus stop IPv4 as well.
Cheers,
Akshay
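An added example, not part of any post in this thread: a Python check that scans saved switch configuration text for MAC ACL `deny host` entries lacking the `protocol-family arp-non-ipv4` suffix described in the last reply, and reports the interfaces those ACLs are bound to. The sample configuration is constructed from the two ACLs quoted in the thread; the interface FastEthernet4/12 and the function name `audit` are assumptions.

```python
import re

# Constructed sample config, modeled on the two ACLs quoted in the thread.
SAMPLE_CONFIG = """\
mac access-list extended ABC
 deny host 0001.8052.25FF any
mac access-list extended test1
 deny host 406c.8f58.9380 any protocol-family arp-non-ipv4
 permit any any
interface FastEthernet4/11
 mac access-group ABC in
interface FastEthernet4/12
 mac access-group test1 in
"""

ACL_RE = re.compile(r"^mac access-list extended (\S+)$")
IF_RE = re.compile(r"^interface (\S+)$")
GROUP_RE = re.compile(r"^mac access-group (\S+) in$")
DENY_HOST_RE = re.compile(r"^deny host ([0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2}) ")


def audit(config):
    """Return (acl, mac, interfaces) for deny-host entries without the ARP suffix."""
    weak, bound = [], {}
    acl = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # an unindented line starts a new section
            acl = iface = None
            if m := ACL_RE.match(line):
                acl = m.group(1)
            elif m := IF_RE.match(line):
                iface = m.group(1)
            continue
        if acl and (m := DENY_HOST_RE.match(line)):
            # Per the last reply, ARP on the 4500 is only matched with this suffix.
            if "protocol-family arp-non-ipv4" not in line:
                weak.append((acl, m.group(1).lower()))
        elif iface and (m := GROUP_RE.match(line)):
            bound.setdefault(m.group(1), []).append(iface)
    # Bindings are resolved last, so ACLs defined before their interface still match.
    return [(a, mac, bound.get(a, [])) for a, mac in weak]


if __name__ == "__main__":
    for name, mac, ifaces in audit(SAMPLE_CONFIG):
        print(f"{name}: deny for {mac} has no arp-non-ipv4 suffix; applied on {ifaces}")
```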