
How do I create an ALLOW MAC address list for switches?

sandsfoot
Level 1

Hello

We would like to control who can connect to our network.

How do I create a list of ALLOWED MAC addresses that are able to connect to our 9300 switches?

Kind Regards

Tony

4 Replies

Hello,

 

Here is an example:

 

9300(config)# mac access-list extended MAC_ACL
9300(config-ext-macl)# permit host 0ef3.2765.0342 any

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-5/configuration_guide/sec/b_165_sec_9300_cg/configuring_ipv4_acls.html#ID1832

balaji.bandi
Hall of Fame

There are 2 ways you can do this. Sticky MAC address, which means only that MAC address can connect to certain switch ports?

Or are you looking to connect any known MAC address, limited to the switch?

Some guidelines:

 

MAC ACLs on a Layer 2 Interface

After you create a MAC ACL, you can apply it to a Layer 2 interface to filter non-IP traffic coming in that interface. When you apply the MAC ACL, consider these guidelines:

  • You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface. The IP access list filters only IP packets, and the MAC access list filters non-IP packets.

  • A Layer 2 interface can have only one MAC access list. If you apply a MAC access list to a Layer 2 interface that has a MAC ACL configured, the new ACL replaces the previously configured one.

 

Note

The mac access-group interface configuration command is only valid when applied to a physical Layer 2 interface. You cannot use the command on EtherChannel port channels.

 

BB


Hello
MACLs are very specific and can be an administrative burden. Can you elaborate on what you mean by controlling access? Is this physically to specific switch(es), or is it the network?
If you want to enable port authentication, then it can be centralized using 802.1X port authentication (including MAC Authentication Bypass, MAB), which would be a more dynamic approach than specific MACLs.



Kind Regards
Paul

sandsfoot
Level 1

We have a secure environment so would like only known thin clients or laptops to be able to connect to the network - so looking for the simplest way to implement / administer?
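
An added example, not part of any reply in this thread: a Python script that turns a device inventory into the MAC ACL syntax from the first reply and binds it with the `mac access-group` command named in the quoted guidelines. The inventory entries, the interface name `GigabitEthernet1/0/1` and the helper names are assumptions; as the quoted guidelines state, a MAC ACL on a Layer 2 interface filters only non-IP packets.

```python
import re

# Constructed sample inventory (not real devices), in mixed notations.
INVENTORY = """
0ef3.2765.0342      # thin client, notation used in the first reply
0E:F3:27:65:03:42   # same device again, colon notation
02-00-5e-10-00-01   # laptop
01:00:5e:00:00:fb   # multicast address, cannot be a host source
0ef3.2765.03        # truncated entry
"""

def to_cisco(mac):
    """Normalize a MAC in any common notation to Cisco dotted form."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address")
    if int(digits[:2], 16) & 1:  # I/G bit set: group address
        raise ValueError("multicast/broadcast address")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_inventory(text):
    """Return (allowed, rejected): unique MACs and (entry, reason) pairs."""
    allowed, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            mac = to_cisco(entry)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if mac not in allowed:
            allowed.append(mac)
    return allowed, rejected

def render_config(allowed, acl_name="MAC_ACL", interfaces=()):
    """Emit the ACL and its binding; unlisted sources hit the implicit deny."""
    lines = [f"mac access-list extended {acl_name}"]
    lines += [f" permit host {mac} any" for mac in allowed]
    for ifname in interfaces:  # physical Layer 2 ports only, per the note above
        lines += [f"interface {ifname}", f" mac access-group {acl_name} in"]
    return "\n".join(lines)

if __name__ == "__main__":
    allowed, rejected = parse_inventory(INVENTORY)
    # GigabitEthernet1/0/1 is a hypothetical access port name.
    print(render_config(allowed, interfaces=["GigabitEthernet1/0/1"]))
    for entry, reason in rejected:
        print(f"! skipped {entry}: {reason}")
```

Rejected entries are reported rather than silently dropped, so a typo in the inventory shows up before a device is locked out.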
