Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
14342
Views
10
Helpful
3
Replies

How can i create MAC base ACL in cisco router 2800 &1800

sujitkr7cisco
Level 1
Level 1

ā€Ž09-16-2010 12:43 PM - edited ā€Ž03-06-2019 01:01 PM

hi,

I want to create mac base ACl for all  users and laptop . So that I can restrict unauthorized user or laptop. MY current scenario is like :---

wireless user/Laptop ------> Access point------->Poe switch (L2)-------> WLC (wireless LAN controller )-------->Radius server ------------>AD------------> LAN

In above scenario unauthorized user can access Internet or can get some access through static IP. So i am planning to implement following because i have Cisco 2800 and Cisco 1800 router  and also due lack of budget.

wireless user/Laptop ------> Access point------->PoE switch (L2)------->Cisco router (with MAC base ACL)--------> WLC-------->Radius server ------------>AD------------> LAN

Please suggest me to resolve this issue.

Thanks & Regards,

Sujeet

1 person had this problem
Labels:
0 Helpful
3 Replies 3

gatlin007
Level 4
Level 4

ā€Ž09-22-2010 01:31 PM

A MAC access list on the router as described in this link may work:


http://www.cisco.com/en/US/partner/docs/ios/bridging/command/reference/br_a1.html#wp1010986


The downstream switch is a better place for MAC filtering.  Find the specific manual for the switch hardware/software you have in order to filter there.



Chris

sujitkr7cisco
Level 1
Level 1
In response to gatlin007

ā€Ž09-25-2010 11:34 AM

Hi,

Sorry for late reply.

I am not able to access link , which is send by you.

Please send me another link.

0 Helpful

gatlin007
Level 4
Level 4
In response to sujitkr7cisco

ā€Ž09-25-2010 01:40 PM

This may be hardware/feature set/IOS dependant.


##########

access-list (standard-ibm)

To establish a MAC address access list, use the access-list command in global configuration mode. To remove access list, use the no form of this command.

access-list access-list-number {permit | deny} address mask

no access-list access-list-number

Syntax Description

access-list-number

Integer from 700 to 799 that you select for the list.

permit

Permits the frame.

deny

Denies the frame.

address mask

48-bit MAC addresses written as a dotted triple of four-digit hexadecimal numbers. The ones bits in the mask argument are the bits to be ignored in address.


Defaults

No MAC address access lists are established.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

Configuring bridging access lists of type 700 may cause a momentary interruption of traffic flow.

Examples

The following example assumes that you want to disallow the bridging of  Ethernet packets of all Sun workstations on Ethernet interface 1.  Software assumes that all such hosts have Ethernet addresses with the  vendor code 0800.2000.0000. The first line of the access list denies  access to all Sun workstations, and the second line permits everything  else. You then assign the access list to the input side of Ethernet  interface 1.

access-list 700 deny 0800.2000.0000 0000.00FF.FFFF

access-list 700 permit 0000.0000.0000 FFFF.FFFF.FFFF
!

interface ethernet 1
 bridge-group 1 input-address-list 700

Related Commands

Command
Description

access-list (type-code-ibm)

Builds type-code access lists.


Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card