Vlan access map

Hi all,

I need help. We are using a Cisco Catalyst 2960 switch for our location. On the switch, for security purposes, we are using a MAC access list, and all devices at the location get their IPs through DHCP, which is configured on the switch. Now I want to block DHCP services for all non-permitted MACs, so that they can't get IPs until they are added to the MAC access list.

I have tried the commands below, but it is not working.

These are the commands:

mac access-list extended abc
 permit host 1111.1111.1111 any
 permit host 2222.2222.222 any

And then applied it on every interface of the switch:

interface range gi0/1-24
 mac access-group abc in

access-list extended DENY-DHCP
 deny udp any any eq bootps
 deny udp any any eq bootpc

ip access list

vlan access-map XYZ 10
 match mac address abc
 action forward

vlan access-map XYZ 20
 match ip address 101
 action drop

vlan filter xyz vlan 1

Thanks in advance... 

2 Replies

Peter Koltl
Level 7

802.1X is much more scalable

In this case we have to use an authentication server (AAA/SACS). I just want to block DHCP services for MACs that are not in the MAC access list, so they can't get an IP until they are permitted in the MAC access list.