04-05-2024 07:55 AM
Dear All,
I am trying to configure a MAC ACL on a 4500 (Sup8) switch and apply it to a port-channel that is connected to the WLC.
I have configured the MAC ACL:
Extended MAC access list AIROSAPDENY
    deny host 309c.245.67a4 any
    deny any any (18 matches)
and applied it to the port-channel:
interface Port-channel1
 description wlc01_9800_primary
 switchport
 switchport trunk allowed vlan 1-274,277,279,280,282-4094
 switchport trunk native vlan 111
 switchport mode trunk
 switchport nonegotiate
 ip arp inspection trust
 mac access-group AIROSAPDENY in
But when I try to ping the WLC from the test PC with MAC 309c.245.67a4, it continues to reach the WLC.
Can you help me understand why?
Bye,
JF
04-05-2024 08:03 AM
I think there is a restriction on using a MAC ACL under a port-channel.
If you can, try the same MAC ACL on any other L2 port and test again.
MHM
04-05-2024 08:23 AM
Hi MHM,
I have tried to apply the MAC ACL to the port-channel and also to its member ports, but the ACL still does not filter the PC's MAC.
OK, it seems to be a port-channel limitation, as you said. So how can I apply an ACL on a port-channel? I need it to prevent APs from joining the WLC.
Bye,
JF
04-05-2024 08:25 AM
Which WLC do you use?
MHM
04-07-2024 11:32 PM
I use a Cisco 9800. I am in the middle of a WLC migration from an older 5508.