[c-nsp] mac filter on switch

Peter Rathlev peter at rathlev.dk
Tue May 23 13:23:47 EDT 2017


> 2017-05-23 17:01 GMT+02:00 Peter Rathlev <peter at rathlev.dk>:
> > Maybe "switchport port-security" with static addresses will do what
> > you want?

On Tue, 2017-05-23 at 17:33 +0200, james list wrote:
> It seems fine. Do you have an idea if it's possible to use the mask
> for the MAC?
> 
> Something like:
> 
> mac access-list extended secure-mac
>  permit 40aa.zz00.0000 0000.00ff.ffff any
> 
> It seems I have to list all the MAC addresses and it is not possible to use
> a mask.

I'm convinced you cannot use masks with "switchport port-security".

If you need more flexibility then a simple 802.1X implementation with a
RADIUS-server is perhaps a solution. It's possible to have FreeRADIUS
(and probably other RADIUS servers) use regular expressions to match
the username/MAC address. It is of course more complex and leads to the
switch being dependent on a reachable RADIUS-server...

-- 
Peter
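
Added example, not part of the message above and not FreeRADIUS or switch configuration: a Python sketch of how a base-plus-wildcard MAC rule like the one asked about maps to a regular expression that a RADIUS policy could apply to the MAC the switch sends as the username. The base address `40aa.1200.0000` and all test addresses are constructed sample values, and the function names are hypothetical.

```python
import re

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits; '.', ':' and '-' are dropped."""
    digits = re.sub(r"[.:-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def mask_match(mac, base, wildcard):
    """ACL-style wildcard semantics: bits set in the wildcard are ignored."""
    care = ~int(normalize_mac(wildcard), 16) & 0xFFFFFFFFFFFF
    return (int(normalize_mac(mac), 16) & care) == (int(normalize_mac(base), 16) & care)

def mask_to_regex(base, wildcard):
    """Anchored regex over the normalized form; nibble-aligned wildcards only."""
    out = []
    for b, w in zip(normalize_mac(base), normalize_mac(wildcard)):
        if w == "0":
            out.append(b)              # this hex digit must match exactly
        elif w == "f":
            out.append("[0-9a-f]")     # this hex digit is "don't care"
        else:
            raise ValueError("wildcard must be nibble-aligned (0 or f per digit)")
    return "^" + "".join(out) + "$"

def is_allowed(mac, pattern):
    """Fail closed: anything that does not parse as a MAC is rejected."""
    try:
        return re.search(pattern, normalize_mac(mac)) is not None
    except ValueError:
        return False

# Constructed sample values; 40aa.1200.0000 stands in for the thread's placeholder.
BASE, WILDCARD = "40aa.1200.0000", "0000.00ff.ffff"
PATTERN = mask_to_regex(BASE, WILDCARD)

if __name__ == "__main__":
    print(PATTERN)
    for mac in ("40aa.1234.5678", "40:AA:12:FF:00:01", "40-aa-13-00-00-01", "40aa.12"):
        print(f"{mac:20} allowed={is_allowed(mac, PATTERN)}")
```

Normalizing before matching matters because the separator style and letter case of the MAC differ between devices and attributes, and an unanchored pattern would also accept strings that merely contain the prefix.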


