cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9760
Views
25
Helpful
24
Replies

Block Mac address

jeevan.koganti
Beginner
Beginner

Hi,

I am using cisco 1841 LAN router, I need to block MAC address i have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address..... but it does not work

Can anyone suggest...

Thanks,

Jeevan.                  

3 Accepted Solutions

Accepted Solutions

hi,

I suppose your class-map is something like this and that you have a drop action for that class in your policy-map:

class-map xxx

match http host xxxx

if so then just simply do this:

class-map match-any xxxx

match source-address mac xxxx.xxxx.xxxx

match http host xxxx

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Hi,

I would do this:

Let's suppose you want only to permit 2 MAC addresses and deny all others

class-map match-any MACPERMIT

match source-address mac xxxx.xxx.xxxx

match source-address mac xxxx.xxx.xxxx

class-map match-any xxxx

match not class-map MACPERMIT

match http host xxxx

Let us know if it worked.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Hi,

you should have a PDLM file which supports bittorent.

Can you provide the output of sh ip nbar pdlm as well as sh ver | i IOS and sh flash:

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

24 Replies 24

cadet alain
Mentor
Mentor

Hi,

Normally there shouldn't be any source MAC of all zeroes except in some particular situations.

which number of MAC addresses  do you want to block ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

I want to block a single MAC address for testing so i have tried the above command... i could not create without source address....can you give me correct command instead so that i will try that..

Thanks,

Jeevan.

Hi,

You can use MQC to achieve this:

class-map MACDENIED

match source-address mac xxxx.xxxx.xxxx

policy-map MACDENIED

class MACDENIED

drop

interface x/x

service-policy input MACDENIED

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

I have used classmap for blocking websites and applied to interface....can i use another classmap for blocking MAC address and apply to the same interface which i used for blocking websites..

Awaiting for your reply...

Thanks,

Jeevan.

hi,

I suppose your class-map is something like this and that you have a drop action for that class in your policy-map:

class-map xxx

match http host xxxx

if so then just simply do this:

class-map match-any xxxx

match source-address mac xxxx.xxxx.xxxx

match http host xxxx

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

Thank you so much for your support..it is working now...can you tell me how to permit limited MAC address and block remaininng all from the same router.

Thanks,

Jeevan.

Hi,

I would do this:

Let's suppose you want only to permit 2 MAC addresses and deny all others

class-map match-any MACPERMIT

match source-address mac xxxx.xxx.xxxx

match source-address mac xxxx.xxx.xxxx

class-map match-any xxxx

match not class-map MACPERMIT

match http host xxxx

Let us know if it worked.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

Sorry i didnt understand your concept..

If i create a class map for permit mac and apply to one of the interface it will work

or

If i deny a mac in class map and apply to same interface it will work

But both cannot be done at the same time as one interface will not accept two service policies i guess...

Thanks,

Jeevan.

Hi,

the first class-map permitting 2 MAC addresses is is called as a match not in the second-class-map which is the one applied in the policy-map.

so what it does is drop any MAC address which is not in the first class-map or any http traffic to the hosts configured

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

Please guide me how to block voip & SIP & torrents on cisco 1841 router...

Thanks,

Jeevan.

Hi,

for torrents:

http://slaptijack.com/networking/controlling-peer-to-peer-p2p-traffic-with-cisco-nbar/

You should be able to do the same for SIP with the match protocol. adapt to your existing config.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

I am able to find these in the class-map

match protocol edonkey

match protocol fasttrack

match protocol gnutella

match protocol kazaa2

match protocol sip

match protocol vofr

But bittorrent is not available

Can you let me know how to block any kind of torrent file in 1841 router...

Thanks,

Jeevan.

Hi,

you should have a PDLM file which supports bittorent.

Can you provide the output of sh ip nbar pdlm as well as sh ver | i IOS and sh flash:

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

Version is 12.4

IOS is c1841-ipbase-mz.124-1c.bin

After issuing sh ip nbar pdlm is not displaying anything

moreover i have issued for blocking all online videos which does not work

match protocol rtcp

match protocol rtp

match protocol rtsp

Thanks,

Jeevan.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers