[nsp] MAC address ACL

Terry Baranski tbaranski at mail.com
Sun Jul 11 19:53:26 EDT 2004


> That sucks...  Is there any way to combine a regular IP-based
> ACL with a 48-bit hardware address ACL?  My other option would
> be to use the router to block the MAC.

VMPS aside, I'm not aware of a way to do the "deny by exception, allow
by default" thing with MAC addresses on Cisco switches (port security is
the opposite).  But depending on what the specific requirement is, you
may be able to get clever (i.e., implement an ugly fix) by, say, adding
a static CAM entry for the MAC address in question pointing to a port
that you know it can't appear on (such as a router uplink).  This should
prevent bi-directional communication if nothing else.

-Terry


