To block specific Mac-Address using port security

fjmendonca

I need to configure Port Security on the Catalyst 2950G-48; however, instead of specifying the MAC addresses that must access the network, I need to allow all MAC addresses with the exception of one specific address.

With CatOS the command is:

set cam static | permanent filter unicast_mac vlan

But with IOS I haven't found a similar command.

But if I use a MAC address ACL applied on all interfaces of the switch, can the CPU utilization be very high?

Hello,

MAC address ACLs are for non-IP traffic only; not sure if that is what you want.

If you have an unused port on your switch, you could blackhole traffic for that MAC address:

mac-address-table static 0020.1223.e3f4 interface GigabitEthernet0/2

Since static entries take precedence over dynamic entries, all traffic for that MAC address will effectively be dropped. In that example, interface GigabitEthernet0/2 would be your unused interface; the MAC address used here is obviously just an example...

Regards,

GP
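
One way to check that the static-entry blackhole described in the reply above is actually in place: MAC table entries are kept per VLAN, so the audit reports each VLAN separately. This is an added example, not code from the thread; the `show mac-address-table` sample output, the VLAN numbers and the helper names (`norm`, `parse`, `audit`) are constructed for illustration.

```python
import re

# Constructed sample of `show mac-address-table` output (not from the thread).
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0020.1223.e3f4    STATIC      Gi0/2
   1    000a.b8c1.2233    DYNAMIC     Fa0/5
  20    0020.1223.e3f4    DYNAMIC     Fa0/7
  20    000c.29aa.0102    DYNAMIC     Fa0/9
Total Mac Addresses for this criterion: 4
"""

ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f.:-]{12,17})\s+(\w+)\s+(\S+)\s*$")

def norm(mac):
    """Reduce dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse(text):
    """Yield (vlan, mac, type, port) for each table row; skip headers."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m[1]), norm(m[2]), m[3].upper(), m[4]

def audit(text, blocked, sink):
    """Per VLAN: 'pinned' if blocked MAC is STATIC on sink, else 'exposed'."""
    target, status = norm(blocked), {}
    for vlan, mac, kind, port in parse(text):
        if mac != target:
            continue
        # Assumption: sink is given in the abbreviated form the table prints.
        pinned = kind == "STATIC" and port.lower() == sink.lower()
        # A pinned row wins over anything else seen for the same VLAN.
        if pinned or vlan not in status:
            status[vlan] = "pinned" if pinned else "exposed"
    return status

if __name__ == "__main__":
    for vlan, state in sorted(audit(SAMPLE, "00:20:12:23:E3:F4", "Gi0/2").items()):
        print(f"VLAN {vlan}: {state}")
```

In the constructed sample, VLAN 1 is pinned to the unused port while the same address is still learned dynamically in VLAN 20, which is the case the audit is meant to surface.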

I would like to know: if I use a MAC address ACL or mac-address-table static, will the memory and CPU utilization increase considerably?

If you use a MAC ACL, yes, it will increase the CPU utilization, as it will be software processed. A static MAC entry will not have much effect on the CPU.

A MAC ACL will not be of much use, as it blocks only non-IP traffic, as suggested by Greg in his last post. Use the other method listed by Greg.

regards,

-amit singh