05-21-2013 06:06 AM - edited 03-07-2019 01:28 PM
Hi Guys,
I have a requirement wherein I need to allow only specific vendor-made desktops/laptops to be connected to the switch and block the rest.
Say I want only the HP-made laptops to be connected on the network, and block all other vendors such as Dell, IBM, etc.
I have Catalyst 4500 switches in my network.
I tried using the MAC access list with the permit and deny statements, then mapping the access list to the VLAN access map and then filtering using the VLAN ID.
But this doesn't work on the Cat 4500. I tested the same on a 2950 switch and it works perfectly.
Are there any restrictions on the 4500, or does any extra configuration have to be done?
If not, is there any other way to achieve this?
05-21-2013 07:02 AM
Hi Vinod,
It won't work this way because MAC ACLs only match non-IP traffic.
You may try to use a class map (MQC).
example:
Let's suppose you want only to permit 3 MAC addresses and deny all others
class-map match-any HPLaptop
 match source-address mac xxxx.xxxx.xxxx
 match source-address mac yyyy.yyyy.yyyy
 match source-address mac zzzz.zzzz.zzzz
class-map match-any DELL
 match not class-map HPLaptop
 match http host DELL
Hope it helps.
Regards
05-21-2013 10:05 PM
Hi Sandeep,
In the class map I have the option of matching the access-group... I don't find any option to match source-address or any MAC address.
switch1(config-cmap)#match ?
access-group Access group
any Any packets
application Application to match
cos IEEE 802.1Q/ISL class of service/user priority values
dscp Match DSCP in IPv4 and IPv6 packets
ip IP specific values
metadata Metadata to match
precedence Match Precedence in IPv4 and IPv6 packets
protocol Protocol
qos-group Qos-group