cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
970
Views
0
Helpful
2
Replies
Highlighted
Beginner

Allow only specific vendor mac and block others.

Hi Guys,

I have arequirement where in I need to allow only specific vendor made desktops/laptops to be connected to the switch and block the rest.

Say I want only the HP made Laptops to be connected on the Network. and block all other vendors. such as dell, ibm etc.

I am having Catalyst 4500 switches in My network.

i tried using the mac access list using the permit and deny statement and then mapping the access list to the vlan access map and then filter using the vlan id.

But this doesnt work on cat 4500....the same I tested for 2950 switch and it works perfectly.

are there any restrictions on 4500 or any extra configuration has to be done.

If not is there any other way out to achieve this.

2 REPLIES 2
Highlighted
VIP Mentor

Allow only specific vendor mac and block others.

HI Vinod,

it won't work this way because mac acls only match non ip traffic.

You may ry to use class map(MCQ).

example:

Let's suppose you want only to permit 3 MAC addresses and deny all others

class-map match-any HPLaptop

match source-address mac xxxx.xxx.xxxx

match source-address mac yyy.yyy.yyy.yyy

match source-address mac zzz.zzz.zzz.zzz

class-map match-any DELL

match not class-map HPLaptop

match http host DELL

Hope it helps.

Regards

Highlighted
Beginner

Allow only specific vendor mac and block others.

Hi Sandeep,

In class Map I have the option of matching the access-group... I  dont find any option to match source-address or any Mac address.

switch1(config-cmap)#match ?

  access-group  Access group

  any           Any packets

  application   Application to match

  cos           IEEE 802.1Q/ISL class of service/user priority values

  dscp          Match DSCP in IPv4 and IPv6 packets

  ip            IP specific values

  metadata      Metadata to match

  precedence    Match Precedence in IPv4 and IPv6 packets

  protocol      Protocol

  qos-group     Qos-group

CreatePlease to create content
Content for Community-Ad