09-05-2012 03:56 AM - edited 03-07-2019 08:42 AM
Hi,
I am using a Cisco 1841 LAN router. I need to block a MAC address. I have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address... but it does not work.
Can anyone suggest...
Thanks,
Jeevan.
09-05-2012 04:15 AM
Hi,
Normally there shouldn't be any source MAC of all zeroes except in some particular situations.
Which number of MAC addresses do you want to block?
Regards.
Alain
Don't forget to rate helpful posts.
09-05-2012 04:31 AM
Hi,
I want to block a single MAC address for testing, so I have tried the above command... I could not create it without a source address... Can you give me the correct command instead so that I can try that?
Thanks,
Jeevan.
09-05-2012 06:47 AM
Hi,
You can use MQC to achieve this:
class-map MACDENIED
 match source-address mac xxxx.xxxx.xxxx
policy-map MACDENIED
 class MACDENIED
  drop
interface x/x
 service-policy input MACDENIED
Regards.
Alain
Don't forget to rate helpful posts.
09-05-2012 07:06 AM
Hi,
I have used a class-map for blocking websites and applied it to the interface... Can I use another class-map for blocking a MAC address and apply it to the same interface which I used for blocking websites?
Awaiting your reply...
Thanks,
Jeevan.
09-05-2012 07:12 AM
Hi,
I suppose your class-map is something like this and that you have a drop action for that class in your policy-map:
class-map xxx
 match protocol http host xxxx
If so, then simply do this:
class-map match-any xxxx
 match source-address mac xxxx.xxxx.xxxx
 match protocol http host xxxx
Regards.
Alain
Don't forget to rate helpful posts.
09-05-2012 07:31 AM
Hi,
Thank you so much for your support. It is working now. Can you tell me how to permit limited MAC addresses and block all the remaining ones from the same router?
Thanks,
Jeevan.
09-05-2012 07:45 AM
Hi,
I would do this:
Let's suppose you want to permit only 2 MAC addresses and deny all others:
class-map match-any MACPERMIT
 match source-address mac xxxx.xxxx.xxxx
 match source-address mac xxxx.xxxx.xxxx
class-map match-any xxxx
 match not class-map MACPERMIT
 match protocol http host xxxx
Let us know if it worked.
Regards.
Alain
Don't forget to rate helpful posts.
09-05-2012 07:52 AM
Hi,
Sorry, I didn't understand your concept.
If I create a class-map to permit MACs and apply it to one of the interfaces, it will work
or
if I deny a MAC in a class-map and apply it to the same interface, it will work.
But both cannot be done at the same time, as one interface will not accept two service policies, I guess...
Thanks,
Jeevan.
09-05-2012 08:29 AM
Hi,
The first class-map, permitting 2 MAC addresses, is called as a match not in the second class-map, which is the one applied in the policy-map.
So what it does is drop any MAC address which is not in the first class-map, or any HTTP traffic to the hosts configured.
Regards.
Alain
Don't forget to rate helpful posts.
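The combined policy described in the replies above, written out in full as an added example (not taken from the original posts). The MAC addresses, host pattern, interface and the names BLOCKED and LAN-IN are placeholders, and `match protocol http host` is assumed to be how the existing website block is written.

```cisco
! Added example: every address, pattern, name and interface is a placeholder.
!
! Allowlist: the only source MACs permitted to send traffic into the router.
class-map match-any MACPERMIT
 match source-address mac 0000.5e00.5301
 match source-address mac 0000.5e00.5302
!
! Drop class (match-any, so either condition is enough):
!   - the frame does NOT come from an allowlisted MAC, or
!   - it is HTTP traffic to a blocked host.
class-map match-any BLOCKED
 match not class-map MACPERMIT
 match protocol http host "*blocked.example*"
!
! A single policy-map carries both rules, so the interface still
! needs only one input service-policy.
policy-map LAN-IN
 class BLOCKED
  drop
!
! Apply inbound on the LAN-facing Ethernet interface, where the
! source MAC of the sending host is visible.
interface FastEthernet0/0
 service-policy input LAN-IN
!
! Verify from exec mode; the per-class counters show what is being dropped:
!   show policy-map interface FastEthernet0/0 input
```

A source MAC is only visible for hosts on the directly attached LAN segment and can be changed by the host itself, so this filter is an access convenience rather than authentication.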
09-06-2012 01:53 AM
Hi,
Please guide me on how to block VoIP & SIP & torrents on a Cisco 1841 router...
Thanks,
Jeevan.
09-06-2012 03:38 AM
Hi,
For torrents:
http://slaptijack.com/networking/controlling-peer-to-peer-p2p-traffic-with-cisco-nbar/
You should be able to do the same for SIP with the match protocol. Adapt it to your existing config.
Regards.
Alain
Don't forget to rate helpful posts.
09-06-2012 04:48 AM
Hi,
I am able to find these in the class-map:
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
 match protocol sip
 match protocol vofr
But bittorrent is not available.
Can you let me know how to block any kind of torrent file on the 1841 router...
Thanks,
Jeevan.
09-06-2012 05:08 AM
Hi,
You should have a PDLM file which supports BitTorrent.
Can you provide the output of sh ip nbar pdlm as well as sh ver | i IOS and sh flash:
Regards.
Alain
Don't forget to rate helpful posts.
09-06-2012 05:58 AM
Hi,
Version is 12.4
IOS is c1841-ipbase-mz.124-1c.bin
After issuing sh ip nbar pdlm, nothing is displayed.
Moreover, I have issued the following for blocking all online videos, which does not work:
 match protocol rtcp
 match protocol rtp
 match protocol rtsp
Thanks,
Jeevan.