Need help configuring a mac access-list extended

linfield
Level 1

I am trying to block access of a single user by MAC address to the network. I would like to use an ACL in my 4500 router to block the address on the distribution port coming from that area of my network. I have an IP ACL to control the latest batch of virus traffic outbound on the router interface for all my VLANs, which appears to eliminate an outbound MAC ACL on my port. I have used the following ACL as a test on my laptop and am still successfully getting a DHCP address.

mac access-list ext stomp
 deny host 000A.5E01.011F any
 deny any host 000A.5E01.011F
 permit any any
int giga2/2
 mac access-group stomp in

Thanks!

2 Replies

jsivulka
Level 5

A router which is routing packets (L3) does not look at the layer 2 information. To filter on MAC addresses, the interface has to be part of a bridge group. You would need to create a 700 range access list and then apply it to an interface in the bridge group.

The 4500 is an L3 switch and I'm applying the access-list to a switch port, not one of the routing interfaces. Is an access-list an incorrect way to do this? Thanks for the help!