Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
linfield
linfield
Community Member
‎09-12-2003 01:52 PM
‎09-12-2003 01:52 PM

Need help configuring a mac access-list extended

I am trying to block access of a single user by mac address to the network. I would like to use an acl in my 4500 router to block the address on the distribution port coming from that area of my network. I have an ip acl to control the latest batch of virus traffic outbound on the router interface for all my vlans which appears to eliminate an outbound mac acl on my port. I have used the following acl as a test on my laptop and am still successfully getting a dhcp address.

mac access-list ext stomp

deny host 000A.5E01.011F any

deny any host 000A.5E01.011F

permit any any

int giga2/2

mac access-group stomp in

Thanks!

0 Helpful
Reply
2 REPLIES
jsivulka
jsivulka Bronze
Bronze
‎09-30-2003 06:48 AM
‎09-30-2003 06:48 AM

Re: Need help configuring a mac access-list extended

A router which is routing packets (L3) does not look at the layer 2 information. To filter on MAC addresses, the interface has to be part of a bridge group. You would need to create a 700 range access list and then apply it to an interface in the bridge group.

0 Helpful
Reply
linfield
linfield
Community Member
‎09-30-2003 02:56 PM
‎09-30-2003 02:56 PM

Re: Need help configuring a mac access-list extended

The 4500 is a L3 switch and I'm applying the access-list to a switch port, not one of the routing interfaces. Is an access-list an incorrect way to do this? Thanks for the help!

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
316
Views
0
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs