04-25-2011 10:25 PM
What I am trying to achieve is to allow only specific MAC addresses on the switch and deny all others by using MAC ACE.
My rules are as below. What is wrong? It does not allow the specific host! Is wildcard mask 00:00:00:00:00:00 correct for a host?
Action Source Destination Mask
permit any ab:cd:ef:aa:bb:cd(Host MAC) 00:00:00:00:00:00
permit ab:cd:ef:aa:bb:cd(Host MAC)(mask:00:00:00:00:00:00) any
deny any any
Thank you.
04-26-2011 01:08 AM
Hi
Looks good. I am wondering if the device of interest needs to ARP at layer 2 to get an IP address for this. Does this MAC address mentioned have a static IP address?
I tried it and got the following results:
My first entry is to deny layer 2 access to my NAS server at 192.168.20.61 - ping failed.
My second entry allows me to manage my SG300-10P switch 192.168.20.200 - ping succeeded
My third unseen entry is probably the implicit deny all.
So my attempt to ping the internet address of 4.2.2.1 failed
My attempt to ping my router gateway at 192.168.20.1 also failed.
I still have to worry about ARPing at layer 2. But the bottom line is my filters worked, I think the pings in the screen capture below show that.
I kept it simple, only applied my MAC ACL filter to the port that my PC was connected to, and not all ports.
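Added example, not part of the original posts and not switch code: a small model of first-match MAC ACL evaluation that shows why the reply above worries about ARP at layer 2. It assumes Cisco-style wildcard masks (a 0 bit must match, a 1 bit is "don't care") and ignores direction and port binding; the OTHER and SWITCH addresses and all function names are constructed for illustration.

```python
# Model of first-match MAC ACL evaluation with wildcard masks (illustrative only).
FULL = 0xFFFFFFFFFFFF

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def host(mac):
    # Wildcard 00:00:00:00:00:00 means every bit must match: exactly one host.
    return (mac, "00:00:00:00:00:00")

ANY = ("00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff")  # every bit is "don't care"

def field_matches(addr, pattern):
    value, wildcard = pattern
    care = ~mac_to_int(wildcard) & FULL  # bits that must be equal
    return (mac_to_int(addr) & care) == (mac_to_int(value) & care)

def evaluate(acl, src, dst):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    for number, (action, src_pat, dst_pat) in enumerate(acl, 1):
        if field_matches(src, src_pat) and field_matches(dst, dst_pat):
            return action, number
    return "deny", None  # nothing matched: implicit deny at the end of the list

HOST = "ab:cd:ef:aa:bb:cd"       # placeholder host MAC used in the question
OTHER = "00:11:22:33:44:55"      # constructed: some host that is not allowed
SWITCH = "00:aa:bb:cc:dd:ee"     # constructed: a single permitted destination
BROADCAST = "ff:ff:ff:ff:ff:ff"  # destination of an ARP request

# The three rules from the question.
QUESTION_ACL = [
    ("permit", ANY, host(HOST)),
    ("permit", host(HOST), ANY),
    ("deny", ANY, ANY),
]

# A narrower list: the host may reach one destination MAC only.
NARROW_ACL = [("permit", host(HOST), host(SWITCH))]

if __name__ == "__main__":
    frames = [(HOST, BROADCAST), (OTHER, HOST), (OTHER, BROADCAST), (HOST, SWITCH)]
    for name, acl in (("question", QUESTION_ACL), ("narrow", NARROW_ACL)):
        for src, dst in frames:
            print(name, src, "->", dst, evaluate(acl, src, dst))
```

With the narrow list the host's broadcast ARP request falls through to the implicit deny, so a host-to-host permit only works if address resolution is handled some other way.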
04-26-2011 07:04 AM
Your Reply gave me an idea.
I have written rules that permit access to the switch MAC address from a specific host MAC address and bound the ACL to the interface.
Thank you for your help