
How to block the Dynamically learned MAC address from switch

R Manjunatha
Level 3

Hello,

How can I block a dynamically learned MAC address on the switch? I need to block a specific MAC address that has been learned by the switch.

 


8 Replies

Leo Laohoo
Hall of Fame

And what if the owner of the client enables Random MAC Address?

Does this target MAC address always appear in the same switchport?  If it does, what happens if that particular switchport is assigned to a "null" VLAN (a VLAN that does not appear in the VLAN database) or a VLAN that is not allowed in the Trunk?

My question is very simple and straightforward:
How can I block a specific user's MAC address on the switch? I don't want that particular MAC address to appear in my switch's MAC address table. What command do I need to use?

My question is straightforward:
How can I block a specific user's MAC address on the switch? I don't want that particular MAC address to appear in my switch's MAC address table. What command do I need to use?


@R Manjunatha wrote:

My question is very simple and straightforward:
How can I block a specific user's MAC address on the switch? I don't want that particular MAC address to appear in my switch's MAC address table. What command do I need to use?


Why?

What is the business or use case for this?  What are you trying to achieve?

The only logical reason that I can only surmise is a MAC address flooding the logs with MAC flapping error messages. 

mac address-table static xxxx.xxxx.xxxx vlan x drop <<- this as a workaround. Note that, if you want to, you can repeat the command for each VLAN.

MHM

Thanks for the update. I configured the command as mentioned, and I believe this only applies to static MAC addresses, not dynamically learned ones. Am I correct?

Before the MAC is added to the table

You can use 802.1X, which makes the switch prevent adding the MAC to the table until this MAC is authenticated.

You can use port security: add a static MAC to any unused port and make all other ports run port security with violation restrictions.

After the MAC is added to the table

You can use the command I shared above to drop traffic to this MAC.

MHM
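
The per-VLAN repetition of the drop command and the Random MAC Address caveat raised in this thread, as an added example (not code from any poster here). It generates one `mac address-table static ... drop` line per VLAN and flags addresses whose locally administered bit is set, as randomized client MACs have. The function names are hypothetical, and the MAC addresses and VLAN IDs are constructed samples.

```python
import re

def to_cisco_mac(mac: str) -> str:
    """Normalize aa:bb:cc:dd:ee:ff / aa-bb-... / aabb.ccdd.eeff to aabb.ccdd.eeff."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set.
    Randomized (private) client MACs set this bit, so they can change at will."""
    return bool(int(to_cisco_mac(mac)[:2], 16) & 0x02)

def is_group_address(mac: str) -> bool:
    """True when the I/G bit (0x01 of the first octet) is set (multicast/broadcast)."""
    return bool(int(to_cisco_mac(mac)[:2], 16) & 0x01)

def drop_commands(mac: str, vlans) -> list:
    """Return one static drop entry per VLAN for a single station MAC."""
    cisco = to_cisco_mac(mac)
    if is_group_address(cisco):
        # A station's own address is always unicast; this is likely a typo.
        raise ValueError(f"{cisco} is a group address, not a station MAC")
    lines = []
    if is_locally_administered(cisco):
        # IOS treats lines starting with "!" as comments.
        lines.append(f"! {cisco} is locally administered (possibly randomized); "
                     "a static drop entry will not follow the client if it changes")
    for vlan in sorted(set(vlans)):
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN id out of range: {vlan}")
        lines.append(f"mac address-table static {cisco} vlan {vlan} drop")
    return lines

if __name__ == "__main__":
    # Constructed samples: one burned-in style MAC, one randomized-style MAC.
    for sample in ("00:11:22:33:44:55", "DA-A1-19-00-00-01"):
        print("\n".join(drop_commands(sample, [10, 20])))
```
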
