Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1648
Views
5
Helpful
7
Replies

Catalyst 2960-X Series MAC address filtering

erdene
Level 1
Level 1

‎07-03-2023 12:40 AM - edited ‎07-03-2023 12:41 AM

I have a ISR4331 as a gateway router and DHCP server. It doesn't have LAN switching module. Instead I'm using my Catalyst 2960-X Series managed swtich to filter MAC addresses. I'm tying to reject all other MAC addresses but permit list of MAC addresses.

Creating mac acl with "#mac access-list extended aclname". Then "permit mac any" command returns error.

Any suggestions? Thank you.

Labels:
7 Replies 7

MHM Cisco World
VIP
VIP

‎07-03-2023 12:50 AM - edited ‎07-03-2023 01:59 AM

router not support mac acl, only SW support it 
sorry you use SW not ISR4331 for MAC filter, 
NOW 
the SW accept mac access-list named 
after that you add permit mac any SW refuse it ?
can you try 
permit ? <<- let see what option SW give us

erdene
Level 1
Level 1
In response to MHM Cisco World

‎07-03-2023 02:16 AM

H.H.H 48-bit source MAC address
any any source MAC address
host A single source host

Returns these.

After tinkering with the command order it accepted command 'permit host mac any' command. But I'm stuck at applying my acl to an interface or vlan. All commands I tried returns unknown command.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to erdene

‎07-03-2023 02:55 AM

that good 
NOW 
mac ACL apply to L2 port 
or use with vlan access-map 
if you use mac acl apply to l2 port then you can use permit host mac ....
if you use mac acl with vlan access-map then you need to permit arp from specific mac and deny arp any any, but why?
the mac acl can not packet (with IP header) it filter frame (with mac + IP header )

erdene
Level 1
Level 1
In response to MHM Cisco World

‎07-03-2023 03:10 AM

What if I want to bind specific mac addresses to static ip addresses?

MHM Cisco World
VIP
VIP
In response to erdene

‎07-03-2023 03:13 AM

https://sites.google.com/site/blahutajannet/cisco-tutorials/cisco-router-set-up-dhcp-static-mapping

Yes you can do that in router run local dhcp server 

erdene
Level 1
Level 1

‎07-04-2023 03:55 AM

@MHM Cisco World  thank you for your help. I learned alot and I completed most of the configuration on my network. Which setup like following. ISR4331 is a gateway router connected to WAN with gig/0/0 port and gig/0/1 port is connected to the catalyst switch. My network uses multiple different networks. In my old setting my old router had switching, so I created multiple vlans on it. With ISR4331 having no eth switching module how do I connect different networks?

0 Helpful

MHM Cisco World
VIP
VIP
In response to erdene

‎07-04-2023 04:03 AM

you need L2SW and in ISR4331 you need to config subinterface for each vlan in L2SW

0 Helpful
Customers Also Viewed These Support Documents