Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

mac address blocking

What is the command use for Mac address base blocking, in 6500 and 3550?

Search in CCO show:

>mac address-table static xxx.xxx.xxx Vlan drop.

In my 6509 the same cli end at interface but not "drop". What ios version of 6500

and 3550 support this "drop" feature?

Thanks

5 REPLIES
New Member

Re: mac address blocking

Use "mac access-list" in conjunction with "access-map" and "vlan filter".. check the following,

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1214ea1/3550cr/cli1.htm#53453

New Member

Re: mac address blocking

Thanks for the info. Pls let me know if this config. look right?

To stop the mac address from vlan 10:

MAC acl:

>mac access-list extended DROP

>permit host 0000.0112.03e4 any

Access map:

>Vlan access-map ToDrop

>action drop

>match mac-address DROP

Vlan filter:

>Vlan filter ToDrop vlan-list 10

Thanks

BD

New Member

Re: mac address blocking

Looks fine to me..

New Member

Re: mac address blocking

Thanks Osam, one of my buddy show me a neat trick and it's work :

>mac-address-table static 0040.058f.01f0 vlan 430 interface GigabitEthernet1/1

everything is correct but the interface only allow a certain vlan. With this table, the switch will send the packet from this mac to a blackhole.

New Member

Re: mac address blocking

what then would this command need to not have a black hole??

131
Views
5
Helpful
5
Replies
CreatePlease to create content