How to block specific mac address on specific port to block communication
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-24-2019 05:13 AM
Hi All
i want to block a specific user mac address to use an specific port .
i configured acl
#mac access-list ext block_pc
(config-ext-macl)#deny host <mac of pc> any
then
at port
#int gi<any port>
(conf port)#mac access-group block_pc
but its not working.
can you please help me to block the same.
- Labels:
-
Catalyst 3000
-
LAN Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-24-2019 05:46 AM
Hi @asheesh.gupta11 ,
Check this discussion:
https://community.cisco.com/t5/switching/how-to-block-single-mac-address-in-3550-switch/td-p/1849280
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-24-2019 05:51 AM
Other option you can do is sticky mac, so only trusted device will be connected.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2019 11:41 PM
i am already using radius by ISE server , but i want to block that mac only on a particular port not from all network
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2019 02:14 AM - edited 04-07-2019 02:15 AM
@asheesh.gupta11 wrote:
In that case port will not be used by any device ,i want to block only a particular mac address.
This means that ANYONE has access to that port?
Block using MAC-based ACL.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-24-2019 10:53 PM
@asheesh.gupta11 wrote:
i want to block a specific user mac address to use an specific port .
1. Shutdown the port; or
2. Assign the port into VLAN 1.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2019 11:39 PM
In that case port will not be used by any device ,i want to block only a particular mac address.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2019 04:03 AM
how about doing as below to block the MAC for the VLAN X
mac address-table static xxxx.xxxx.xxxx vlan Y drop <<--- replace xxx.xxxx.xxxx and Y as per your requirement.
test advise.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-25-2019 03:24 AM
Hello
mac access-list extended nomac
deny host xxxx.xxxx.xxxx any
permit any any
int x/x
mac access-group nomac in
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
