Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
423
Views
0
Helpful
3
Replies

catalyst ACL

ohalnet53
Level 1
Level 1

‎01-26-2006 03:42 PM - edited ‎03-05-2019 11:46 AM

can we ban MAC addresses (port based ACL) on catalyst L2 switches?

tx in advance

Labels:
0 Helpful
3 Replies 3

pkhatri
Level 11
Level 11

‎01-26-2006 03:53 PM

Which particular switch are you looking at ?

On the 3550s, for example, you can restrict the MAC addresses that can be on part by using the following command:

switchport port-security mac-address

Hope that helps - pls rate the post if it does.

Regards,

Paresh

0 Helpful

pkhatri
Level 11
Level 11
In response to pkhatri

‎01-26-2006 03:58 PM

I probably did not answer your question fully..

On most of the platforms, you can apply access-lists to interface that will deny MAC addresses as specified in a MAC access-list.

Hope that helps - pls rate the post if it does.

Regards,

Paresh

0 Helpful

Georg Pauwen
VIP
VIP
In response to pkhatri

‎01-26-2006 07:25 PM

Hello,

as an alternative, if you have an unused port on your switch, you could blackhole traffic for a specific MAC address, which will effectively block that MAC address from the entire switch. In the example below, interface GigabitEthernet0/2 is unused:

mac-address-table static 0020.1223.e3f4 interface GigabitEthernet0/2

Since static entries take precedence over dynamic entries, all traffic for that MAC address wil effectively be dropped.

Regards,

GP

0 Helpful
Customers Also Viewed These Support Documents