Configuring a MAC access-list on 2950 switch

CSCO10576352
Level 1

Hi, I am trying to configure a mac access-list on a Cisco 2950 switch running version 12.1(22)EA10a. I have no problem configuring the actual mac access-list itself, but when I come to apply it to interface fa0/1, for example, the 'mac access-group' command is not visible. I have the interface set up as a switchport to access vlan 1. Can anyone advise what I'm missing here?

Thanks in advance.

5 Replies

flashsplash
Level 1

Hi, until now I've never seen an access-list created the way you want to do it. But who am I, I haven't much experience yet.

But I think maybe you mean the "switchport port-security" command. With this command [and subcommands] you can secure a switchport.

for example:

SW2(config)#int fast 0/5
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security ?
  aging        Port-security aging commands
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
SW2(config-if)#switchport port-security maximum 2
SW2(config-if)#switchport port-security violation protect

this was just 1 example, hope it could help.

bye flash...

Hi Flash, thanks for your reply. I am aware that you can use port security to secure a mac address against a port, however this feature does not allow you to configure the same mac address on multiple ports. This is why I was looking into using a 'mac access-list' to control access. As previously stated I have no problem actually configuring the mac-access list, the issue is that when I try to apply it to the interface the 'mac access-group' command is not present.

I am running into this issue, as well. Have you found a resolution?

Thanks,

Ed

Hi Ed, in the end I gave up and went with 802.1x port-based authentication instead, which requires the user to enter a username and password to enable the LAN port. The downside to this, though, is that you require a RADIUS server to do the authentication.

You don't apply it to the interface; you should apply it to the vlan interface - 2950 is a layer 2 switch.

Please let me know if this helps. Thanks.
