Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7991
Views
6
Helpful
8
Replies

How to block specific mac address on specific port to block communication

asheesh.gupta11
Level 1
Level 1

‎03-24-2019 05:13 AM

Hi All

 

i want to block a specific user mac address to use an specific port .

i configured acl

#mac access-list ext block_pc

(config-ext-macl)#deny host <mac of pc> any

then

at port 

#int gi<any port>

(conf port)#mac access-group block_pc

 

but its not working.

can you please help me to block the same.

Labels:
0 Helpful
8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

‎03-24-2019 05:51 AM

Other option you can do is sticky mac, so only trusted device will be connected.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

asheesh.gupta11
Level 1
Level 1
In response to balaji.bandi

‎04-06-2019 11:41 PM

Hi Balaji

i am already using radius by ISE server , but i want to block that mac only on a particular port not from all network
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to asheesh.gupta11

‎04-07-2019 02:14 AM - edited ‎04-07-2019 02:15 AM

@asheesh.gupta11 wrote:
In that case port will not be used by any device ,i want to block only a particular mac address.

This means that ANYONE has access to that port?

Block using MAC-based ACL.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎03-24-2019 10:53 PM

@asheesh.gupta11 wrote:

i want to block a specific user mac address to use an specific port .

1.  Shutdown the port; or

2.  Assign the port into VLAN 1.  

0 Helpful

asheesh.gupta11
Level 1
Level 1
In response to Leo Laohoo

‎04-06-2019 11:39 PM

Hi Leo

In that case port will not be used by any device ,i want to block only a particular mac address.
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to asheesh.gupta11

‎04-07-2019 04:03 AM

how about doing as below to block the MAC for the VLAN X

 

 mac address-table static xxxx.xxxx.xxxx  vlan  Y drop   <<--- replace xxx.xxxx.xxxx and Y as per your requirement.

 

test advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver
VIP
VIP

‎03-25-2019 03:24 AM

Hello


mac access-list extended nomac
deny host xxxx.xxxx.xxxx any
permit any any

int x/x
mac access-group nomac in


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Customers Also Viewed These Support Documents