Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2132
Views
5
Helpful
3
Replies

Blocking Mac-address in Network

Go to solution
kanupriya
Level 1
Level 1

‎07-14-2005 10:13 PM - edited ‎03-05-2019 11:35 AM

Hi,

The problem is regarding virus infected machine in network. The machine is not in city, is in distant region. We have IP address, Mac-address for the machine. Even could find out which machine it is, and able to disconnected it from the network for a while. The cleaning of virus (It is Windows LSASS RPC Overflow virus) is not possible from this much distance. To make sure that particular user will not connect to the network again till we clean his machine, I want to block his mac-address on switch. I am not sure which particular port he is connected with. Using "switchport port-security", we can just allow the mac-address, can not block them. Is there any solution to do so?

I would appreciate your suggestions.

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎07-14-2005 10:29 PM

Hello,

if you know the MAC address, you should be able to find the port where that MAC address is connected to, with the command 'show mac-address-table', or something similar. Once you have found the port, I guess it would be easiest to just shut down the port.

As an alternative, if you have an unused port on your switch, you could blackhole traffic for that MAC address:

mac-address-table static 0020.1223.e3f4 interface GigabitEthernet0/2

Since static entries take precedence over dynamic entries, all traffic for that MAC address wil effectively be dropped.

Can you try and see if that works for you ?

Regards,

GP

View solution in original post

3 Replies 3

Go to solution
Georg Pauwen
VIP
VIP

‎07-14-2005 10:29 PM

Hello,

if you know the MAC address, you should be able to find the port where that MAC address is connected to, with the command 'show mac-address-table', or something similar. Once you have found the port, I guess it would be easiest to just shut down the port.

As an alternative, if you have an unused port on your switch, you could blackhole traffic for that MAC address:

mac-address-table static 0020.1223.e3f4 interface GigabitEthernet0/2

Since static entries take precedence over dynamic entries, all traffic for that MAC address wil effectively be dropped.

Can you try and see if that works for you ?

Regards,

GP

Go to solution
kanupriya
Level 1
Level 1
In response to Georg Pauwen

‎07-14-2005 10:52 PM

Great help GP!

Thanks

0 Helpful

Go to solution
kanupriya
Level 1
Level 1

‎07-14-2005 10:59 PM

Hi,

Thank you very much for your promt and helpful reply. It solved my problem. I appreciate.

Thanks again

Regards

Kanupriya

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card