06-09-2024 12:31 PM
I executed the following command on the switch in the environment I work in:
"mac address-table static XXXX.XXXX.XXXX vlan X drop"
My intention was to prevent a single PC from accessing the network. However, my curiosity led me to create a lab on eve-ng and I used the above command there. However, I noticed that the PC was still able to ping another PC or request DHCP and actually receive it.
Now I am confused whether the command actually works or not.
It should be noted that the switches I work with are Catalyst, while in the eve-ng lab I used Nexus switches.
Please provide any clarification that could help me, I would greatly appreciate it.
06-11-2024 05:07 PM
It's an eve-ng issue.
I ran the lab and got the same result: the NSK must drop this MAC, which is learned in vlan 10, but the PC can still ping the other one.
MHM
06-10-2024 12:08 AM
Can you give some examples? Which device is it able to communicate with in the same VLAN?
Maybe you can use a MAC ACL for this use case, if I understand correctly.
You can refer to the guide for the syntax if you would like to prevent the MAC address coming from the port.
You can try a MAC ACL as below:
mac access-list extended bmac
deny host abcd.efgh.ijkl any
permit any any
interface x/x
mac access-group bmac in
06-10-2024 12:53 AM
Really appreciative of your support and help.
But I do not want to use MAC ACL, I want to use the command that was mentioned. It should actually have the same function as the mac acl as per my knowledge because it will drop all traffic. Please correct me if I'm mistaken.
Example (eve-ng lab)
I added 3 switches:
2 Access switches, each with an uplink to the Core (for information: there is no link between the 2 Access switches)
1 Core
2 PCs, one connected to Acc1 and the other connected to Acc2
I applied the command on the Core so that if it receives the MAC address from Acc1 it drops it, but the PC can still communicate with the other side, whether in the same VLAN or a different VLAN.
06-10-2024 01:14 AM
The command should work.
But which MAC did you use in the command?
Did you use the MAC of the interface or of the SW?
Also do "show mac address".
See if the NSK adds a different MAC than the one you use in the command.
MHM
06-10-2024 03:12 AM
I used the MAC address present on the port going to the Windows PC. Notably, on the NSK I displayed the MAC address table: the MAC address was not found, and it appeared to me that the state is drop, but the PC is still able to access the network.
Is it possible that the command does not work in the virtual environment and does not simulate reality, or what?
06-10-2024 03:17 AM
It can be an eve-ng issue; I will test it tonight in my lab.
But for your case:
Do you see any MAC on the interface connected to the PC?
MHM
06-10-2024 07:48 AM
I would be grateful if you could share the test results that will appear to you and tell me whether it works or not.
06-11-2024 05:43 PM
I truly appreciate your effort. Thank you for your time and clarification.
06-11-2024 05:58 PM
You are so welcome
Have a nice day
MHM
06-10-2024 10:50 PM
Some simulators and emulators cannot work as expected. I have never tried this in a virtual environment, so check the support and test it.
06-10-2024 07:43 AM - edited 06-10-2024 07:50 AM
Hello
@Eng-Ruthless wrote:
But I do not want to use MAC ACL, I want to use the command that was mentioned. I applied the command on Core so that if it receives the mac address from acc1 it drops it but it can still communicate with the other side whether in the same vlan or different vlan.
Edited - Don't apply it to the core UNLESS you have L2 hosts directly attached to the core; otherwise just apply it on all L2 switches and VLANs.
example:
mac address-table static a063.9166.f368 vlan 1 drop
mac address-table static a063.9166.f368 vlan 2 drop
mac address-table static a063.9166.f368 vlan x drop ....
etc....
06-10-2024 07:55 AM
Thank you, my brother, for this solution. I will try it in the eve-ng lab and test it to see whether it works or not.
However, the solution is not practical in the work environment I'm working in, due to the large number of switches and the difficulty of tracing. So, does it not work on the Core, knowing that the Core works as Layer 2?
Apart from that, why am I putting all the VLANs as drop when I know that the PC is assigned to VLAN 2, for example? Why mention them all, as it will cause a lot of commands?
I am able to apply them in another way, but the work requirements want it in this form. Thank you.
06-10-2024 08:20 AM
Hello
@Eng-Ruthless wrote:
I am able to apply them in another way, but the work requirements want it in this form. Thank you.
Yes, one option would be to use VLAN and routed ACLs to negate communication between hosts in the same VLAN or between the VLANs.
But the issue you have at the moment may be down to the eve-ng software. I'm curious, though: when you tested this, did you actually see that specific host MAC in the address table of the switch in the first place? If you didn't, it WON'T get dropped even with that command being applied.
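The two replies above make two checks worth automating: the drop entry must exist in every VLAN on every L2 switch, and the MAC in the command must match the MAC the switch actually learns. The following is an added example, not code from the thread or from Cisco; it assumes a Catalyst IOS-style "show mac address-table" layout (Vlan / Mac Address / Type / Ports, with "Drop" in the Ports column for a static drop entry) and uses a constructed sample table.

```python
import re

# Constructed sample of Catalyst-style "show mac address-table" output (not from the thread).
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    a063.9166.f368    STATIC      Drop
   2    a063.9166.f368    DYNAMIC     Gi1/0/5
  10    0050.56be.1234    DYNAMIC     Gi1/0/7
"""

# One table row: vlan, mac, type, port. Header and separator lines do not start with digits.
ROW = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F.]+)\s+(\S+)\s+(\S+)\s*$")


def normalize_mac(mac):
    """Canonicalise any common MAC spelling (colons, dashes, dots) to Cisco form aaaa.bbbb.cccc,
    so the MAC typed into the command is compared against what the switch learned, not its spelling."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(hexdigits[i:i + 4] for i in (0, 4, 8))


def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples parsed from the show output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), normalize_mac(m.group(2)), m.group(3).upper(), m.group(4)))
    return rows


def audit_drop_entry(table_text, target_mac, vlans):
    """Per VLAN: 'dropped' (static drop present), 'learned' (MAC present but not dropped, i.e. the
    entry is missing there) or 'absent'. Also returns the missing commands in the thread's own form."""
    mac = normalize_mac(target_mac)
    rows = parse_mac_table(table_text)
    status = {}
    for vlan in vlans:
        entries = [r for r in rows if r[0] == vlan and r[1] == mac]
        if any(r[2] == "STATIC" and r[3].lower() == "drop" for r in entries):
            status[vlan] = "dropped"
        else:
            status[vlan] = "learned" if entries else "absent"
    missing = [f"mac address-table static {mac} vlan {v} drop" for v in vlans if status[v] != "dropped"]
    return status, missing
```

Run `audit_drop_entry(SAMPLE_TABLE, "A0:63:91:66:F3:68", [1, 2, 10])` to see VLAN 1 reported as dropped, VLAN 2 as still learned (the case the reply warns about) and the commands still needed for VLANs 2 and 10.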
06-10-2024 09:19 AM
I think it is due to the eve-ng software. When I used the command and cleared the MAC table, I noticed that the core switch did not see the MAC address because of the command I used, and when I checked its status it showed as drop, but the device was still able to access the network. It caused me a headache yesterday: I tried for about 7 hours to apply all scenarios and did not see the command take effect. Today I will apply what you mentioned to me, but in reality, at work, I will not use it.