02-02-2022 12:24 AM
Hello
We would like to control who can connect to our network.
How do I create a list of ALLOWED MAC addresses that are able to connect to our 9300 switches?
Kind Regards
Tony
02-02-2022 12:50 AM
Hello,
here is an example:
9300(config)# mac access-list extended MAC_ACL
9300(config-ext-macl)# permit host 0ef3.2765.0342 any
02-02-2022 02:10 AM
There are 2 ways you can do this: sticky MAC address, which means only that MAC address can connect to certain switch ports?
Or are you looking to connect any known MAC address, limited to the switch?
Some guidelines:
After you create a MAC ACL, you can apply it to a Layer 2 interface to filter non-IP traffic coming in that interface. When you apply the MAC ACL, consider these guidelines:
You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface. The IP access list filters only IP packets, and the MAC access list filters non-IP packets.
A Layer 2 interface can have only one MAC access list. If you apply a MAC access list to a Layer 2 interface that has a MAC ACL configured, the new ACL replaces the previously configured one.
Note: The mac access-group interface configuration command is only valid when applied to a physical Layer 2 interface. You cannot use the command on EtherChannel port channels.
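An added example (not part of the thread or any poster's code): a Python check that applies the guidelines quoted above to a candidate switch configuration before it is deployed. The sample configuration, the OLD_ACL name, the function name and the rule that every access port should carry a MAC ACL are assumptions made for illustration.

```python
import re

# Constructed sample of a candidate configuration (not from the thread).
SAMPLE_CONFIG = """\
mac access-list extended MAC_ACL
 permit host 0ef3.2765.0342 any
!
interface GigabitEthernet1/0/1
 switchport mode access
 mac access-group MAC_ACL in
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 mac access-group OLD_ACL in
 mac access-group MAC_ACL in
!
interface Port-channel1
 mac access-group MAC_ACL in
"""

def audit_mac_acls(config):
    """Return sorted (interface, finding) pairs for the guidelines quoted above."""
    defined = set(re.findall(r"^mac access-list extended (\S+)", config, re.M))
    findings = []
    # An interface stanza is the 'interface' line plus its indented body lines.
    stanzas = re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M)
    for name, body in stanzas:
        applied = re.findall(r"^[ \t]+mac access-group (\S+) in", body, re.M)
        if applied and name.lower().startswith("port-channel"):
            findings.append((name, "mac access-group is not valid on EtherChannel port channels"))
        if len(applied) > 1:
            # A newly applied MAC ACL replaces the one configured before it.
            findings.append((name, "multiple MAC ACLs; only %s takes effect" % applied[-1]))
        for acl in applied:
            if acl not in defined:
                findings.append((name, "references undefined MAC ACL %s" % acl))
        # Assumption: every access port is expected to carry the allow-list.
        if "switchport mode access" in body and not applied:
            findings.append((name, "access port without a MAC ACL"))
    return sorted(findings)

if __name__ == "__main__":
    for iface, finding in audit_mac_acls(SAMPLE_CONFIG):
        print(iface, "-", finding)
```

The check cannot see the other guideline quoted above, that a MAC ACL filters only non-IP packets, so a clean result says nothing about how IP traffic from an unknown device is handled.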
02-02-2022 02:33 AM
Hello
MACLs are very specific and can be an administrative burden. Can you elaborate on what you mean by controlling access? Is this physically to a specific switch(s) or is it network?
If you want to enable port authentication, then it can be centralized using 802.1x port authentication (incl. MAC Auth Bypass, MAB), which would be a more dynamic approach than specific MACLs.
02-04-2022 01:33 AM
We have a secure environment so would like only known thin clients or laptops to be able to connect to the network - so looking for the simplest way to implement / administer?