Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1466
Views
0
Helpful
2
Replies

Allow only specific vendor mac and block others.

vinod.mali
Level 1
Level 1

‎05-21-2013 06:06 AM - edited ‎03-07-2019 01:28 PM

Hi Guys,

I have arequirement where in I need to allow only specific vendor made desktops/laptops to be connected to the switch and block the rest.

Say I want only the HP made Laptops to be connected on the Network. and block all other vendors. such as dell, ibm etc.

I am having Catalyst 4500 switches in My network.

i tried using the mac access list using the permit and deny statement and then mapping the access list to the vlan access map and then filter using the vlan id.

But this doesnt work on cat 4500....the same I tested for 2950 switch and it works perfectly.

are there any restrictions on 4500 or any extra configuration has to be done.

If not is there any other way out to achieve this.

Labels:
0 Helpful
2 Replies 2

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎05-21-2013 07:02 AM

HI Vinod,

it won't work this way because mac acls only match non ip traffic.

You may ry to use class map(MCQ).

example:

Let's suppose you want only to permit 3 MAC addresses and deny all others

class-map match-any HPLaptop

match source-address mac xxxx.xxx.xxxx

match source-address mac yyy.yyy.yyy.yyy

match source-address mac zzz.zzz.zzz.zzz

class-map match-any DELL

match not class-map HPLaptop

match http host DELL

Hope it helps.

Regards

0 Helpful

vinod.mali
Level 1
Level 1
In response to Sandeep Choudhary

‎05-21-2013 10:05 PM

Hi Sandeep,

In class Map I have the option of matching the access-group... I  dont find any option to match source-address or any Mac address.

switch1(config-cmap)#match ?

  access-group  Access group

  any           Any packets

  application   Application to match

  cos           IEEE 802.1Q/ISL class of service/user priority values

  dscp          Match DSCP in IPv4 and IPv6 packets

  ip            IP specific values

  metadata      Metadata to match

  precedence    Match Precedence in IPv4 and IPv6 packets

  protocol      Protocol

  qos-group     Qos-group

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card