Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
493
Views
0
Helpful
5
Replies

Cisco 1711 router (ACL)

Mithrilhall
Level 1
Level 1

‎11-30-2005 06:55 AM - edited ‎03-03-2019 12:58 AM

Can you block a particular MAC address via an access-list?

Labels:
0 Helpful
5 Replies 5

stomasko
Level 4
Level 4

‎11-30-2005 07:27 AM

access-lists in the range of 700-799 should be for mac addresses.

ex: access-list 700 deny 0800.2000.0000 0000.00FF.FFFF

Hope this helps.

Steve

0 Helpful

leonvd79
Level 4
Level 4

‎11-30-2005 07:29 AM

With some creativity you can.

You can use static ARP entry for that particular host. Create an ACL to block the IP address.

For instance

arp 192.168.11.1 00-60-97-d5-26-ab FastEthernet 0/0

Router

ip access-list standard 1

deny ip host 192.168.11.1

permit ip any

HTH

0 Helpful

Mithrilhall
Level 1
Level 1
In response to leonvd79

‎11-30-2005 07:48 AM

I did find the example posted above:

ex: access-list 700 deny 0800.2000.0000 0000.0000.0000

Also, I'm not familiar with static arp entries. Could you post an example?

Thanks

0 Helpful

leonvd79
Level 4
Level 4
In response to Mithrilhall

‎11-30-2005 07:59 AM

See my example above.

0 Helpful

stomasko
Level 4
Level 4
In response to Mithrilhall

‎11-30-2005 10:04 AM

The static arp example is a unique way to permantly bond an IP and MAC address. Thus allowing you the ability to block it using a normal IP access-list. If you are sure you want to block just that 1 MAC address I would use the access-list 700 instead.

0 Helpful
Customers Also Viewed These Support Documents