11-26-2018 11:22 PM - edited 03-08-2019 04:40 PM
Hi All,
I need to block internet & internet of one particular user so how can we block this communication i only have mac information of this user.
I have L3 switch WS-C3850-12XS so is there any kind of filtering option so we can enable it on L3 switch it self so user will not get even IP address.
On l3 switch we have all the SVI.
11-26-2018 11:47 PM - edited 11-26-2018 11:48 PM
Hi,
you can use Class-map, Policy-map and then apply it to the designated port. see example below
class-map match any unwanted-pc's
match source-address mac aaaa.bbbb.cccc
match source-address mac nnnn.jjjj.dddd
match source-address mac oooo.llll.pppp
!
policy-map block
class unwanted-pc's
drop
!
int gi 0/1 <--------------------- designated port which the PC is connected
description "LAN Interface"
service-policy input block
Regrads
11-26-2018 11:48 PM
11-27-2018 12:46 AM
Dear Saif,
Can we use below command for blocking because behind L3 there is multiple UPlink goes to access switches & i want to block for this user.
so when he reach to L3 connection will drop automatically.
So i can not map any uplink port as there is multiple uplink
mac address-table aaa:bbbc:ddd vlan x drop?
11-27-2018 01:21 AM
Dear Saif,
I have check this is working fine with below command.
mac address-table aaa:bbbc:ddd vlan x drop
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide