[nsp] MAC address ACL
Stephen J. Wilcox
steve at telecomplete.co.uk
Sun Jul 11 19:00:48 EDT 2004
Can you not unplug the device!
Seriously, this is an odd request whats the problem you're trying to solve. My
approach would probably be to run port security and specify secure macs that are
allowed .. but my above comment altho joking is the logical thing - unplug the
device, or put it into some other vlan etc
Steve
On Sun, 11 Jul 2004, Christopher J. Wolff wrote:
> Terry,
>
> That sucks... Is there any way to combine a regular IP based ACL with a
> 48bit hardware address ACL? My other option would be to use the router to
> block the mac.
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Terry Baranski
> Sent: Sunday, July 11, 2004 2:20 PM
> To: cisco-nsp at puck.nether.net
> Subject: RE: [nsp] MAC address ACL
>
> > I'm trying to block a specific mac address at a catalyst
> > 3524 switch. I've tried RTFM'ing but it seems like all I
> > can come up with is setting up IP based ACL's on the 3524.
> > I'd like a method to do a MAC ACL.
>
> Unless this has changed recently, MAC ACLs (which may not even be
> supported on the 3500XLs) only apply to non-IP traffic. So you may be
> out of luck unless allowing specific addresses via port security will
> suffice.
>
> -Terry
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list