Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Need help configuring a mac access-list extended

I am trying to block access of a single user by mac address to the network. I would like to use an acl in my 4500 router to block the address on the distribution port coming from that area of my network. I have an ip acl to control the latest batch of virus traffic outbound on the router interface for all my vlans which appears to eliminate an outbound mac acl on my port. I have used the following acl as a test on my laptop and am still successfully getting a dhcp address.

mac access-list ext stomp

deny host 000A.5E01.011F any

deny any host 000A.5E01.011F

permit any any

int giga2/2

mac access-group stomp in



Re: Need help configuring a mac access-list extended

A router which is routing packets (L3) does not look at the layer 2 information. To filter on MAC addresses, the interface has to be part of a bridge group. You would need to create a 700 range access list and then apply it to an interface in the bridge group.

Community Member

Re: Need help configuring a mac access-list extended

The 4500 is a L3 switch and I'm applying the access-list to a switch port, not one of the routing interfaces. Is an access-list an incorrect way to do this? Thanks for the help!

CreatePlease to create content