cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8304
Views
6
Helpful
8
Replies

How to block specific mac address on specific port to block communication

asheesh.gupta11
Level 1
Level 1

Hi All

 

i want to block a specific user mac address to use an specific port .

i configured acl

#mac access-list ext block_pc

(config-ext-macl)#deny host <mac of pc> any

then

at port 

#int gi<any port>

(conf port)#mac access-group block_pc

 

but its not working.

can you please help me to block the same.

8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

Other option you can do is sticky mac, so only trusted device will be connected.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji

i am already using radius by ISE server , but i want to block that mac only on a particular port not from all network


@asheesh.gupta11 wrote:
In that case port will not be used by any device ,i want to block only a particular mac address.

This means that ANYONE has access to that port?

Block using MAC-based ACL.

Leo Laohoo
Hall of Fame
Hall of Fame

@asheesh.gupta11 wrote:

i want to block a specific user mac address to use an specific port .


1.  Shutdown the port; or

2.  Assign the port into VLAN 1.  

Hi Leo

In that case port will not be used by any device ,i want to block only a particular mac address.

how about doing as below to block the MAC for the VLAN X

 

 mac address-table static xxxx.xxxx.xxxx  vlan  Y drop   <<--- replace xxx.xxxx.xxxx and Y as per your requirement.

 

test advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello


mac access-list extended nomac
deny host xxxx.xxxx.xxxx any
permit any any

int x/x
mac access-group nomac in


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul