11-30-2005 06:55 AM - edited 03-03-2019 12:58 AM
Can you block a particular MAC address via an access-list?
11-30-2005 07:27 AM
access-lists in the range of 700-799 should be for mac addresses.
ex: access-list 700 deny 0800.2000.0000 0000.00FF.FFFF
Hope this helps.
Steve
11-30-2005 07:29 AM
With some creativity you can.
You can use static ARP entry for that particular host. Create an ACL to block the IP address.
For instance
arp 192.168.11.1 00-60-97-d5-26-ab FastEthernet 0/0
Router
ip access-list standard 1
deny ip host 192.168.11.1
permit ip any
HTH
11-30-2005 07:48 AM
I did find the example posted above:
ex: access-list 700 deny 0800.2000.0000 0000.0000.0000
Also, I'm not familiar with static arp entries. Could you post an example?
Thanks
11-30-2005 07:59 AM
See my example above.
11-30-2005 10:04 AM
The static arp example is a unique way to permantly bond an IP and MAC address. Thus allowing you the ability to block it using a normal IP access-list. If you are sure you want to block just that 1 MAC address I would use the access-list 700 instead.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide