Re: WS-C3850-12XS || internet & interanet blocking

yogesh1 · ‎11-26-2018

Hi All,

I need to block internet & internet of one particular user so how can we block this communication i only have mac information of this user.

I have L3 switch WS-C3850-12XS so is there any kind of filtering option so we can enable it on L3 switch it self so user will not get even IP address.

On l3 switch we have all the SVI.

saif musa · ‎11-26-2018

Hi,

you can use Class-map, Policy-map and then apply it to the designated port. see example below

class-map match any unwanted-pc's

match source-address mac aaaa.bbbb.cccc

match source-address mac nnnn.jjjj.dddd

match source-address mac oooo.llll.pppp

!

policy-map block

class unwanted-pc's

drop

!

int gi 0/1 <--------------------- designated port which the PC is connected

description "LAN Interface"

service-policy input block

Regrads

saif musa · ‎11-26-2018

yogesh1 · ‎11-27-2018

Dear Saif,

Can we use below command for blocking because behind L3 there is multiple UPlink goes to access switches & i want to block for this user.

so when he reach to L3 connection will drop automatically.

So i can not map any uplink port as there is multiple uplink

mac address-table aaa:bbbc:ddd vlan x drop?

yogesh1 · ‎11-27-2018

Dear Saif,

I have check this is working fine with below command.

mac address-table aaa:bbbc:ddd vlan x drop