09-12-2003 01:52 PM - edited 02-20-2020 09:22 PM
I am trying to block access of a single user by MAC address to the network. I would like to use an ACL in my 4500 router to block the address on the distribution port coming from that area of my network. I have an IP ACL to control the latest batch of virus traffic outbound on the router interface for all my VLANs, which appears to eliminate an outbound MAC ACL on my port. I have used the following ACL as a test on my laptop and am still successfully getting a DHCP address.
mac access-list ext stomp
 deny host 000A.5E01.011F any
 deny any host 000A.5E01.011F
 permit any any
int giga2/2
 mac access-group stomp in
Thanks!
09-30-2003 06:48 AM
A router which is routing packets (L3) does not look at the layer 2 information. To filter on MAC addresses, the interface has to be part of a bridge group. You would need to create a 700 range access list and then apply it to an interface in the bridge group.
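The bridge-group filter this reply describes, as an added example that is not part of the original post: a 700-range MAC address list applied inbound on a bridged interface of an IOS router. The bridge group number and the interface name are assumptions; the MAC address is the one from the question.

```ios
! Added example: 700-range (48-bit MAC address) access list.
! A mask of 0000.0000.0000 matches the address exactly.
access-list 700 deny   000a.5e01.011f 0000.0000.0000
! Permit every other source MAC; without this line the implicit
! deny at the end of the list drops all bridged traffic.
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
!
! Bridge group 1 is an assumed number; IEEE spanning tree.
bridge 1 protocol ieee
!
! FastEthernet0/0 is an assumed interface name.
interface FastEthernet0/0
 ! Place the interface in the bridge group so frames are bridged
 ! and their layer 2 source address is examined.
 bridge-group 1
 ! Filter frames received on this interface by source MAC.
 bridge-group 1 input-address-list 700
```

`show access-lists 700` lists the configured entries, and `show bridge 1` shows the stations the bridge group has learned.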
09-30-2003 02:56 PM
The 4500 is a L3 switch and I'm applying the access-list to a switch port, not one of the routing interfaces. Is an access-list an incorrect way to do this? Thanks for the help!