04-02-2021 09:44 AM
Hello,
We are facing an issue in which a certain range of MAC addresses keeps showing up on different ports of a Cisco 7600 series router in quick succession. Every time we block the issue-causing MAC address in the router, another MAC address starts to pop up after a few mins or a few hours, with the second octet of the MAC address the same as the blocked one. Below are a few of the MAC addresses we have blocked so far.
The middle octet remains unchanged. We tried to find the root from which these MACs are originating, but unfortunately we couldn't find it.
Is there any way to block this range of MAC addresses, from 0000.aaaa.0000 to ffff.aaaa.ffff?
* 153 406d.aaaa.be41 static No - <drop>
* 153 e453.aaaa.be41 static No - <drop>
* 153 2025.aaaa.be41 static No - <drop>
* 153 5c75.aaaa.be41 static No - <drop>
* 153 4a69.aaaa.be41 static No - <drop>
* 153 6cdf.aaaa.be41 static No - <drop>
* 153 e8d3.aaaa.be41 static No - <drop>
* 153 ae31.aaaa.be41 static No - <drop>
* 153 180f.aaaa.be41 static No - <drop>
* 153 8cc0.aaaa.bc81 static No - <drop>
* 153 e863.aaaa.be41 static No - <drop>
* 153 4a01.aaaa.be41 static No - <drop>
* 153 326d.aaaa.be41 static No - <drop>
* 153 62b5.aaaa.be41 static No - <drop>
* 153 a6d2.aaaa.be41 static No - <drop>
* 153 e4bf.aaaa.be41 static No - <drop>
* 153 f8d7.aaaa.be41 static No - <drop>
* 153 0e53.aaaa.be41 static No - <drop>
* 153 121f.aaaa.be41 static No - <drop>
We would be very grateful if someone can help us to solve the issue.
04-02-2021 11:43 AM
Hello,
I wonder if a MAC access list would work:
mac access-list extended BLOCK_MAC
! wildcard mask: ff digits are ignored, 00 digits must match
deny 0000.aaaa.0000 ffff.0000.ffff any
deny any 0000.aaaa.0000 ffff.0000.ffff
permit any any
!
interface x
mac access-group BLOCK_MAC in
04-04-2021 09:49 PM
Thank you for a quick reply. We will try putting the MAC access list in place and update.
04-05-2021 06:17 AM
Sir, we tried creating and applying the access list on a particular interface, but after applying it we are losing access to the node. It denies all the MACs coming from that interface. We tried changing the wildcard mask to ffff.0000.0000 and 0000.ffff.ffff, but it was still dropping all the MACs on the interface.
04-03-2021 04:00 AM - edited 04-03-2021 04:02 AM
Hello
You could try negating this with a MAC access list as already suggested; however, you may be able to negate it with a generic MAC list, given that the last two octets are the same.
example:
mac access-list extended mac-acl
deny 0000.AAAA.BE41 FFFF.0000.0000 any 0x806 0x0
permit any any
04-04-2021 09:59 PM
Sir, thank you for an update. We will try your solution and update.
04-05-2021 06:17 AM
Sir, we tried creating and applying the access list on a particular interface, but after applying it we are losing access to the node. It denies all the MACs coming from that interface. We tried changing the wildcard mask to ffff.0000.0000 and 0000.ffff.ffff, but it was still dropping all the MACs on the interface.
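The address and wildcard pairs discussed in this thread, evaluated against MAC addresses from the question (an added example, not part of any post). It assumes the IOS convention that mask bits set to 1 are ignored and bits set to 0 must match; the two addresses in OTHER are constructed stand-ins for ordinary hosts on the same port.

```python
# Added example: which MACs a "address wildcard" pair in a MAC ACL selects.
# Assumption: mask bits set to 1 are ignored, bits set to 0 must match.

def mac_to_int(mac: str) -> int:
    """Parse Cisco dotted-hex notation (xxxx.xxxx.xxxx) into a 48-bit int."""
    groups = mac.lower().split(".")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not a dotted-hex MAC: {mac!r}")
    return int("".join(groups), 16)

def matches(mac: str, address: str, wildcard: str) -> bool:
    """True when mac equals address on every bit the wildcard leaves at 0."""
    care = ~mac_to_int(wildcard) & 0xFFFFFFFFFFFF
    return (mac_to_int(mac) & care) == (mac_to_int(address) & care)

def hits(address: str, wildcard: str, macs: list[str]) -> list[str]:
    """Return the MACs that an ACL entry with this pair would select."""
    return [m for m in macs if matches(m, address, wildcard)]

# Three entries from the table in the question.
OBSERVED = ["406d.aaaa.be41", "e453.aaaa.be41", "8cc0.aaaa.bc81"]
# Constructed addresses standing in for ordinary hosts on the same port.
OTHER = ["0050.56ab.cdef", "a4bb.6d12.be41"]
SAMPLE = OBSERVED + OTHER

CASES = [
    ("0000.aaaa.0000", "ffff.0000.ffff"),  # only the middle group must match
    ("0000.aaaa.0000", "1111.0000.1111"),  # hex 1111 is not an all-ones group
    ("0000.aaaa.be41", "ffff.0000.0000"),  # middle and last groups must match
    ("0000.aaaa.0000", "ffff.ffff.ffff"),  # every bit ignored: same as "any"
]

if __name__ == "__main__":
    for address, wildcard in CASES:
        print(f"{address} {wildcard} -> {hits(address, wildcard, SAMPLE)}")
```

Running candidate entries through a check like this before applying them to an interface shows whether a mask selects only the intended range or every frame on the port.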