New Member

Access-list 700

Hello,

I define an access-list 700 like this:

access-list 700 permit 000e.3543.2c81

to authorize only one computer to a port.

conf t

int Fa0/1

bridge-group 1 input-address-list 700

I want to apply that to port Fa0/1, but I cannot find the right way, because the port never becomes err-disabled if I connect another computer.

I don't know why?

Thank you for your help...


6 REPLIES
New Member

Re: Access-list 700

Why don't you use port-security and have the port go down when another MAC is seen? It might be the easier way to go.

New Member

Re: Access-list 700

I have 3 or 4 MAC addresses to permit, and deny all others. So, port-security must have one MAC address...

New Member

Re: Access-list 700

I have to agree with Jason though... why not implement port-security on the specified port, which in this case is f0/1?

Commands:

switchport mode access

switchport port-security

switchport port-security maximum 4

The default action is to shut down the interface. You can change this if you type "switchport port-security violation (option)", the options being "protect", "restrict" or "shutdown". Restrict is a nice option if you do not want to shut the interface down but still block unknown addresses. I think this is what you were looking for.

What this will do is learn up to 4 (in my example) then shut the interface down if anything is outside of that list (unless you change the option). For this to effectively work, you would have to configure this on your switchport then plug in each machine (or device) to have the switch learn the MAC addresses.

Please rate if it helps.

New Member

Re: Access-list 700

Yes, it helps me. But I must have the 4 computers with me. It will be easier for me if I can put the MAC addresses in the config.

And I still don't know how to apply an access-list 700 on a port. I found nothing on the Internet, and I used the command syntax proposed by Cisco, but it doesn't work.

Switch(config-if)#mac access-group 700 in

% Invalid access list name.

Switch(config-if)#

Nobody seems to understand it.

New Member

Re: Access-list 700

Can you supply the access-list commands you used?

The commands should be as follows:

mac access-list extended MAC_Allowed

permit host (MAC Address / 48-bit) any

for example:

permit host 0050.56c0.0001 any

permit host 0019.b960.bbca any

int f0/1

mac access-group MAC_Allowed in

Please Rate if this helps.

New Member

Re: Access-list 700

Thank you very much. It's working.
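
Added example, not part of the original thread: port security with statically configured MAC addresses, which covers the two points raised above (entering the permitted addresses directly in the configuration, and having the port go err-disabled when any other source MAC appears). The fourth MAC address is constructed; the other addresses and the interface are taken from the posts.

```ios
! Added example, not from the thread. 0050.56c0.0008 is a constructed address.
!
! Why the MAC ACL never err-disables the port: an ACL only drops frames that
! do not match a permit entry. Err-disable is a port-security violation
! action, so it needs port security, not an access list.
! On Catalyst 2960/3560/3750-class switches a port MAC ACL is also matched
! only against non-IP frames, so it does not filter ordinary IP traffic.
!
configure terminal
interface FastEthernet0/1
 ! Port security requires a static access (or trunk) port, not a dynamic one.
 switchport mode access
 switchport port-security
 ! Raise the limit first (default is 1), and size it to exactly the number
 ! of static entries so no slot is left for a dynamically learned address.
 switchport port-security maximum 4
 switchport port-security mac-address 000e.3543.2c81
 switchport port-security mac-address 0050.56c0.0001
 switchport port-security mac-address 0019.b960.bbca
 switchport port-security mac-address 0050.56c0.0008
 ! shutdown (default): err-disable the port on the first violation.
 ! restrict: drop unknown sources, count and log violations, port stays up.
 ! protect: drop unknown sources silently.
 switchport port-security violation shutdown
end
!
! Verification
show port-security interface FastEthernet0/1
show port-security address
show interfaces status err-disabled
!
! Recovery after a violation: bounce the port by hand ...
configure terminal
interface FastEthernet0/1
 shutdown
 no shutdown
end
! ... or let the switch re-enable it after a timer (seconds).
configure terminal
errdisable recovery cause psecure-violation
errdisable recovery interval 300
end
```

With static entries filling the whole table, none of the permitted machines has to be plugged in for the switch to learn it.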
