Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

MAC address ACLs to the Net

How can I filter mac addresses that access the net? My understanding is that mac acls do not work for ip traffic.

3 REPLIES
Community Member

Re: MAC address ACLs to the Net

You can set up mac ACLs if you use "bridge-irb". Check out this link to see how to configure it...

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_summary_chapter09186a0080087d78.html#1019692

Community Member

Re: MAC address ACLs to the Net

Here's an example:

sh run

Building configuration...

Current configuration : 2431 bytes

!

version 12.2

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption

!

!

bridge irb

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

bridge-group 2

bridge-group 2 input-address-list 700

!

interface Serial0/0

no ip address

no fair-queue

bridge-group 2

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface BVI2

ip address 10.2.0.20 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.2.0.1

no ip http server

ip pim bidir-enable

!

!

access-list 700 permit 00e0.b841.30bc 0000.0000.0000

access-list 700 permit 00e0.b841.349b 0000.0000.0000

access-list 700 permit 00e0.b841.2dea 0000.0000.0000

access-list 700 permit 00e0.b841.23e1 0000.0000.0000

access-list 700 permit 00e0.b841.23d8 0000.0000.0000

access-list 700 permit 00e0.b841.3096 0000.0000.0000

access-list 700 deny 0000.0000.0000 ffff.ffff.ffff

bridge 2 protocol ieee

bridge 2 route ip

privilege exec level 10 show run

privilege exec level 10 show running-configuration

privilege exec level 10 show configuration

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

!

!

end

Of course, your's won't be exactly like this, but this gives you and idea.

Community Member

Re: MAC address ACLs to the Net

Thanks, I will give it a try.

191
Views
0
Helpful
3
Replies
CreatePlease to create content