Cisco Support Community
New Member

Mac access-list not working in Cisco 4500

Hi,

I am trying to use deny mac acl in the 4500 series switch running Cisco IOS but the command seems to be not working.

Here is the command,

    mac access-list extended ABC
     deny host 0001.8052.25FF any

    int f4/11
     mac access-group ABC in

Is there anything I am missing or is it a bug?

Thanks,

4 REPLIES
Cisco Employee

Re: Mac access-list not working in Cisco 4500

What type of traffic are you trying to deny? Mac access-list applies only to non-IP traffic.

PS: Remember to rate useful posts.

New Member

Re: Mac access-list not working in Cisco 4500

Hi Prashanth,

Thanks for the reply. I have been trying to restrict IP traffic based on mac access-list. I have already configured this on 2950 for allow access and it is working fine. But the same kind of access-list when put in 4500 does not seem to be working.

Basically, I want specific mac-address not to connect to the network.

Thanks,

Silver

Re: Mac access-list not working in Cisco 4500

Hello Sagar Shetty,

I just replied to another similar question. I cannot be certain as to why the mac acl is not working. It could be a number of reasons and 'bug' is most definitely one of them.

Anyhow, have you considered using port based security? If not, take a read from the following URL:

<http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a2c.html>

hth

Ajaz Nawaz

New Member

Mac access-list not working in Cisco 4500

On the 4500, the MAC access-list works a little differently than on 29XX and 37XX switches. Unlike 2K and 3K switches, here the ARP traffic is not blocked by default. We have to use the "arp-non-ipv4" suffix.

Example.

    Dist-1#sh access-lists test1
    Extended MAC access list test1
        deny   host 406c.8f58.9380 any protocol-family arp-non-ipv4
        permit any any

Agreed that MAC ACL doesn't block IPv4 traffic, but if we are using the ACL on edge access ports, blocking the ARP will stop the host from initializing and thus stops IPv4 as well.

Cheers,

Akshay
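
A small config check based on the last reply, as an added example that is not part of the original thread or any Cisco tooling: for each MAC ACL applied inbound on an interface, it reports deny entries that lack the "protocol-family arp-non-ipv4" suffix and ACLs with no permit entry. The sample config is constructed from the commands quoted in the thread (full interface names and the second interface are assumptions), and parse_mac_acls and audit are hypothetical helper names.

```python
import re

# Constructed running-config excerpt built from the commands quoted in the thread.
SAMPLE_CONFIG = """\
mac access-list extended ABC
 deny host 0001.8052.25FF any
mac access-list extended test1
 deny host 406c.8f58.9380 any protocol-family arp-non-ipv4
 permit any any
interface FastEthernet4/11
 mac access-group ABC in
interface FastEthernet4/12
 mac access-group test1 in
"""

def parse_mac_acls(config):
    """Return ({acl_name: [entries]}, {interface: acl_name})."""
    acls, bindings, kind, name = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line starts a new section
            kind = name = None
            m = re.match(r"mac access-list extended (\S+)$", line)
            if m:
                kind, name = "acl", m.group(1)
                acls[name] = []
            m = re.match(r"interface (\S+)$", line)
            if m:
                kind, name = "if", m.group(1)
        elif kind == "acl" and re.match(r"(deny|permit)\b", line):
            acls[name].append(line)
        elif kind == "if":
            m = re.match(r"mac access-group (\S+) in$", line)
            if m:
                bindings[name] = m.group(1)
    return acls, bindings

def audit(config):
    """List (interface, acl, issue) for ACLs applied inbound on interfaces."""
    acls, bindings = parse_mac_acls(config)
    findings = []
    for iface, acl in sorted(bindings.items()):
        entries = acls.get(acl, [])
        for entry in entries:
            # Per the reply above, a 4500 deny needs this suffix to catch ARP.
            if entry.startswith("deny") and "protocol-family arp-non-ipv4" not in entry:
                findings.append((iface, acl, "deny lacks arp-non-ipv4: " + entry))
        if not any(e.startswith("permit") for e in entries):
            findings.append((iface, acl, "no permit entry"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```
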
