Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9580
Views
0
Helpful
3
Replies

deny mac address

tmakhija82
Level 1
Level 1

‎06-22-2004 03:26 PM - edited ‎03-02-2019 04:33 PM

Hello,

How can I deny access by mac address in 3500XL series switch or in 3800 series router.

I want to block access some of computers in my network by mac address.

Tarun

Labels:
0 Helpful
3 Replies 3

rsissons
Level 5
Level 5

‎06-22-2004 05:52 PM

Since the 3800 router runs IOS, you can use an access-list of 700 to block mac addresses. See the following URL for more details

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca5fc.html

0 Helpful

nceitil
Level 1
Level 1

‎06-23-2004 02:47 AM

Hello Tarun,

Here is some info that might help

Works on 2950 and later switches. Does NOT work on 3500XL or older

!

mac access-list extended AntiVirus

deny host 0101.0101.abcd any

permit any any

!

interface FastEthernet0/2

des LINK TO ROUTER

switchport mode access

mac access-group AntiVirus in

!

NOTE

You cannot apply named MAC extended ACLs to Layer 3 interfaces.

The mac access-group interface configuration command is only valid when applied to a physical Layer 2 interface.You cannot use the command on EtherChannel port channels.

!

On a router

!

access-list 702 deny 0101.0101.abcd 0000.0000.0000

access-list 702 permit 0000.0000.0000 FFFF.FFFF.FFFF

!

int ethernet 0

access-expression input smac(702)

!

NOTE

An "access-expression" type filter cannot exist with a "source-bridge" type filter on the same interface. The two types of filters are mutually exclusive.

OR

access-list 702 deny 0101.0101.abcd 0000.0000.0000

access-list 702 permit 0000.0000.0000 FFFF.FFFF.FFFF

!

interface ethernet 0

bridge-group 1 input-address-list 702

!

EXTENDED ACL (USE IN/OUT Pattern Command)

!

access-list 1102 deny 000c.1b00.0000 0000.00ff.ffff 0000.0000.0000 ffff.ffff.ffff

access-list 1102 permit 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000 ffff.ffff.ffff

!

interface ethernet 0

bridge-group 1 input-pattern 1102

!

0 Helpful

mhchin
Level 1
Level 1
In response to nceitil

‎06-23-2004 10:18 PM

Hello,

I am using a CISCO 2621-XM Router running IOS 12.2.

I am trying to block a particular mac address using

access-list 701 deny 000b.cda7.c8f3

I tried applying the following to router's interface

interface fastethernet 0/0

bridge-group 1 input-address-list 701

Did not work!

access-expression input smac(701)

Did not work either!

Have I missed something?

Thanks in advance.

Michael

0 Helpful
Customers Also Viewed These Support Documents