cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7595
Views
25
Helpful
24
Replies
Beginner

Block Mac address

Hi,

I am using cisco 1841 LAN router, I need to block MAC address i have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address..... but it does not work

Can anyone suggest...

Thanks,

Jeevan.                  

Everyone's tags (3)
3 ACCEPTED SOLUTIONS

Accepted Solutions
Advisor

Block Mac address

hi,

I suppose your class-map is something like this and that you have a drop action for that class in your policy-map:

class-map xxx

match http host xxxx

if so then just simply do this:

class-map match-any xxxx

match source-address mac xxxx.xxxx.xxxx

match http host xxxx

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Advisor

Block Mac address

Hi,

I would do this:

Let's suppose you want only to permit 2 MAC addresses and deny all others

class-map match-any MACPERMIT

match source-address mac xxxx.xxx.xxxx

match source-address mac xxxx.xxx.xxxx

class-map match-any xxxx

match not class-map MACPERMIT

match http host xxxx

Let us know if it worked.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Advisor

Block Mac address

Hi,

you should have a PDLM file which supports bittorent.

Can you provide the output of sh ip nbar pdlm as well as sh ver | i IOS and sh flash:

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

24 REPLIES 24
Advisor

Block Mac address

Hi,

Normally there shouldn't be any source MAC of all zeroes except in some particular situations.

which number of MAC addresses  do you want to block ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Beginner

Block Mac address

Hi,

I want to block a single MAC address for testing so i have tried the above command... i could not create without source address....can you give me correct command instead so that i will try that..

Thanks,

Jeevan.

Advisor

Block Mac address

Hi,

You can use MQC to achieve this:

class-map MACDENIED

match source-address mac xxxx.xxxx.xxxx

policy-map MACDENIED

class MACDENIED

drop

interface x/x

service-policy input MACDENIED

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Beginner

Block Mac address

Hi,

I have used classmap for blocking websites and applied to interface....can i use another classmap for blocking MAC address and apply to the same interface which i used for blocking websites..

Awaiting for your reply...

Thanks,

Jeevan.

Advisor

Block Mac address

hi,

I suppose your class-map is something like this and that you have a drop action for that class in your policy-map:

class-map xxx

match http host xxxx

if so then just simply do this:

class-map match-any xxxx

match source-address mac xxxx.xxxx.xxxx

match http host xxxx

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Beginner

Block Mac address

Hi,

Thank you so much for your support..it is working now...can you tell me how to permit limited MAC address and block remaininng all from the same router.

Thanks,

Jeevan.

Advisor

Block Mac address

Hi,

I would do this:

Let's suppose you want only to permit 2 MAC addresses and deny all others

class-map match-any MACPERMIT

match source-address mac xxxx.xxx.xxxx

match source-address mac xxxx.xxx.xxxx

class-map match-any xxxx

match not class-map MACPERMIT

match http host xxxx

Let us know if it worked.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Beginner

Block Mac address

Hi,

Sorry i didnt understand your concept..

If i create a class map for permit mac and apply to one of the interface it will work

or

If i deny a mac in class map and apply to same interface it will work

But both cannot be done at the same time as one interface will not accept two service policies i guess...

Thanks,

Jeevan.

Advisor

Block Mac address

Hi,

the first class-map permitting 2 MAC addresses is is called as a match not in the second-class-map which is the one applied in the policy-map.

so what it does is drop any MAC address which is not in the first class-map or any http traffic to the hosts configured

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Beginner

Block Mac address

Hi,

Please guide me how to block voip & SIP & torrents on cisco 1841 router...

Thanks,

Jeevan.

Advisor

Block Mac address

Hi,

for torrents:

http://slaptijack.com/networking/controlling-peer-to-peer-p2p-traffic-with-cisco-nbar/

You should be able to do the same for SIP with the match protocol. adapt to your existing config.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Beginner

Block Mac address

Hi,

I am able to find these in the class-map

match protocol edonkey

match protocol fasttrack

match protocol gnutella

match protocol kazaa2

match protocol sip

match protocol vofr

But bittorrent is not available

Can you let me know how to block any kind of torrent file in 1841 router...

Thanks,

Jeevan.

Advisor

Block Mac address

Hi,

you should have a PDLM file which supports bittorent.

Can you provide the output of sh ip nbar pdlm as well as sh ver | i IOS and sh flash:

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Beginner

Block Mac address

Hi,

Version is 12.4

IOS is c1841-ipbase-mz.124-1c.bin

After issuing sh ip nbar pdlm is not displaying anything

moreover i have issued for blocking all online videos which does not work

match protocol rtcp

match protocol rtp

match protocol rtsp

Thanks,

Jeevan.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards