10-16-2002 12:06 AM - edited 03-02-2019 02:06 AM
I am trying to allow traffic of selected hosts via an L2 port on a Catalyst 3550-24
and filter all other traffic. The following configuration was created:
mac access-list extended mac-port-0/3
 permit host 0003.e48a.2c00 host 00c0.df10.825f
 permit host 00c0.df10.825f host 0003.e48a.2c00
interface FastEthernet0/3
 switchport access vlan 8
 switchport mode access
 no ip address
 duplex full
 speed 100
 mac access-group mac-port-0/3 in
where 00c0.df10.825f is the MAC address of my computer's NIC and
0003.e48a.2c00 is the one of the default gateway (if I replace it with the 'any' keyword,
the result is the same).
When I apply this configuration to the Catalyst, it stops all traffic via fas0/3.
switch# sh access-lists hard count
Input Drops: 118 matches (7795 bytes)
Output Drops: 0 matches (0 bytes)
Input Forwarded: 90212 matches (34869496 bytes)
Output Forwarded: 0 matches (0 bytes)
Input Bridge Only: 0 matches (0 bytes)
Bridge and Route in CPU: 0 matches (0 bytes)
Route in CPU: 8491 matches (546918 bytes)
10-22-2002 10:31 AM
You must use the switchport port-security mac-address command to limit access to specific workstations.
Check this URL for more details: http://www.cisco.com/en/US/customer/products/hw/switches/ps646/products_configuration_guide_chapter09186a008007f37c.html#xtocid13
10-22-2002 10:04 PM
Yes, I know about the 'switchport port-security' command, but it allows only 128 secured (static) MAC-addresses per device (not per port as written in the documentation!!!). I need significantly more MAC-addresses!