Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
595
Views
0
Helpful
1
Replies

Stopping MAC addresses on 3560 switch interfaces

mark.osborne
Level 1
Level 1

‎04-13-2006 03:02 AM - edited ‎03-03-2019 02:48 AM

Hi,

I would like to stop certain MAC addresses connecting to the network via a 3560 switch and have configured the config below for VLAN 1. All interfaces belong to VLAN 1. Can anyone tell me if this is the correct config or have I missed something?

mac access-list extended Bad_Hosts

permit host 0011.434c.d9bf any 0x806 0x0

permit host 0011.434a.8026 any 0x806 0x0

permit host 000b.5d2a.23e3 any 0x806 0x0

permit host 000b.5d0e.4019 any 0x806 0x0

!

!

vlan access-map MAC 10

action drop

match mac address Bad_Hosts

vlan access-map MAC 20

action forward

vlan filter MAC vlan-list 1

Regards

Mark

Network Specialist

Labels:
0 Helpful
1 Reply 1

stephtchoko
Level 3
Level 3

‎04-13-2006 06:20 AM

It look like, all the host 'll be reject.

Try:

mac access-list extended Bad_Hosts

deny host 0011.434c.d9bf any 0x806 0x0

deny host 0011.434a.8026 any 0x806 0x0

deny host 000b.5d2a.23e3 any 0x806 0x0

deny host 000b.5d0e.4019 any 0x806 0x0

permit any any

!

!

vlan access-map MAC 10

match mac address Bad_Hosts

action forward

vlan access-map MAC 20

action drop

vlan filter MAC vlan-list 1

Please, hope this help and rate this post.

0 Helpful
Customers Also Viewed These Support Documents