[c-nsp] Blocking "bad users" based on MAC Address
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 25 06:32:04 EDT 2009
Rick Coloccia wrote:
> Oh, thank you, I see how direct and precise this is, and if I wanted
> to drop the person in several vlans, I assume I could do
>
> mac-address-table static 0016.6f99.9e61 vlan 3030 drop
> mac-address-table static 0016.6f99.9e61 vlan 3010 drop
> mac-address-table static 0016.6f99.9e61 vlan 3020 drop
Yes
>
> but would that begin to be bad regarding how much impact that would
> have on the core itself? Is there a more appropriate way for me to do
They're just FDB entries.
> what I need as this scales, so when I have 4, 5, or 10 mac addresses
> I'm blocking on several vlans?
Some kind of MAC auth - so MAB to a RADIUS server, or VMPS (avoid).
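The per-VLAN static drop entries discussed in this thread can be generated from a block list rather than typed by hand. The following is an added example and not part of the original posts: the function names and the second MAC address are constructed for illustration, and the command syntax is the one quoted in the thread.

```python
import re

# Constructed sample input: the MAC from the thread in three common notations,
# plus one made-up address. The VLAN IDs are the ones quoted in the thread.
SAMPLE_MACS = ["00:16:6F:99:9E:61", "00-1a-2b-3c-4d-5e", "0016.6f99.9e61"]
SAMPLE_VLANS = [3030, 3010, 3020]


def normalize_mac(raw):
    """Return a MAC in dotted form (xxxx.xxxx.xxxx) or raise ValueError."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    # The low bit of the first octet marks a group (multicast/broadcast)
    # address, which is never a single host's source MAC.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group address, not a host MAC: {raw!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def drop_entries(macs, vlans):
    """Build one static drop entry per unique MAC per VLAN."""
    vlan_ids = sorted(set(vlans))
    for vlan in vlan_ids:
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN ID out of range: {vlan}")
    lines, seen = [], set()
    for raw in macs:
        mac = normalize_mac(raw)
        if mac in seen:  # same host written in a different notation
            continue
        seen.add(mac)
        for vlan in vlan_ids:
            lines.append(f"mac-address-table static {mac} vlan {vlan} drop")
    return lines


if __name__ == "__main__":
    print("\n".join(drop_entries(SAMPLE_MACS, SAMPLE_VLANS)))
```

Normalizing before de-duplicating keeps the same host from being entered twice when it appears in different notations in the source list.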