I need to block internet & internet of one particular user so how can we block this communication i only have mac information of this user.
I have L3 switch WS-C3850-12XS so is there any kind of filtering option so we can enable it on L3 switch it self so user will not get even IP address.
On l3 switch we have all the SVI.
you can use Class-map, Policy-map and then apply it to the designated port. see example below
class-map match any unwanted-pc's
match source-address mac aaaa.bbbb.cccc
match source-address mac nnnn.jjjj.dddd
match source-address mac oooo.llll.pppp
int gi 0/1 <--------------------- designated port which the PC is connected
description "LAN Interface"
service-policy input block
Can we use below command for blocking because behind L3 there is multiple UPlink goes to access switches & i want to block for this user.
so when he reach to L3 connection will drop automatically.
So i can not map any uplink port as there is multiple uplink
mac address-table aaa:bbbc:ddd vlan x drop?
I have check this is working fine with below command.
mac address-table aaa:bbbc:ddd vlan x drop
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: