I am trying to block a MAC address on a CISCO L2 switch from all ports. Yes, 
trying to block traffic from a specific MAC to go to all interfaces of a L2 
switch

Port security is one option if have a list of all trusted MAC but for a 
scenario where port security not configured & need to restrict all traffic from 
a specific MAC & remaining all should be allowed.


Dhiraj



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Bourque Daniel
Sent: 08 August 2017 02:43
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] Block MAC address on CISCO L2 Switch

It's not clear what you are trying to do and without this information, you 
could run around for some time.  Are you trying to restrict a MAC to an 
interface?  Are you trying to block traffic from a specific MAC to go to all 
interfaces of a L2 switch? Are you trying to block a Mac from going outside of 
your L2 switch/coming into your L2 switch?  Traffic direction will restrict the 
type of filtering available...

Is the traffic external or local to the switch?  Do you really need to use an 
ACL?  Maybe Port Security is what you need...

PS: The exact model AND IOS version also have an impact on the type of 
available ACL type...

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/15-0_2_se/configuration/guide/scg2960/swacl.pdf

De : listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] De la part de Haritwal, Dhiraj
Envoyé : 7 août 2017 13:39
À : ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Objet : RE: [NTSysADM] Block MAC address on CISCO L2 Switch

Thanks but I hope port ACL can be specific to a single port. What if the device 
connected on a different port. Instead of individual port, should be on VLAN so 
that it can check all ports in that VLAN, isn't it.


Dhiraj




From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Bourque Daniel
Sent: 07 August 2017 22:57
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Block MAC address on CISCO L2 Switch

If it's traffic incoming from a local port, à Port ACL may be a solution.  I 
had to use it to block specific packet coming from a multimedia device that was 
killing other types of eqpt...

De : listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] De la part de Haritwal, Dhiraj
Envoyé : 7 août 2017 13:16
À : ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Objet : [NTSysADM] Block MAC address on CISCO L2 Switch

Hi,

I am trying to block a MAC Address on a CISCO L2 (2960/2960 S) switch with MAC 
access-list, VLAN Access Map, VLAN Access filter but looks like it's not 
working.

Appreciate any suggestion to do the same.



Regards,


Dhiraj

________________________________

This email is confidential and intended only for the use of the individual or 
entity named above and may contain information that is privileged. If you are 
not the intended recipient, you are notified that any dissemination, 
distribution or copying of this email is strictly prohibited. If you have 
received this email in error, please notify us immediately by return email or 
telephone and destroy the original message. - This mail is sent via Sony Asia 
Pacific Mail Gateway..

Mise en garde concernant la confidentialité : Le présent message, comprenant 
tout fichier qui y est joint, est envoyé à l'intention exclusive de son 
destinataire; il est de nature confidentielle et peut constituer une 
information protégée par le secret professionnel. Si vous n'êtes pas le 
destinataire, nous vous avisons que toute impression, copie, distribution ou 
autre utilisation de ce message est strictement interdite. Si vous avez reçu ce 
courriel par erreur, veuillez en aviser immédiatement l'expéditeur par retour 
de courriel et supprimer le courriel. Merci!

Confidentiality Warning: This message, including any attachment, is sent only 
for the use of the intended recipient; it is confidential and may constitute 
privileged information. If you are not the intended recipient, you are hereby 
notified that any printing, copying, distribution or other use of this message 
is strictly prohibited. If you have received this email in error, please notify 
the sender immediately by return email, and delete it. Thank you!

________________________________

This email is confidential and intended only for the use of the individual or 
entity named above and may contain information that is privileged. If you are 
not the intended recipient, you are notified that any dissemination, 
distribution or copying of this email is strictly prohibited. If you have 
received this email in error, please notify us immediately by return email or 
telephone and destroy the original message. - This mail is sent via Sony Asia 
Pacific Mail Gateway..

Mise en garde concernant la confidentialité : Le présent message, comprenant 
tout fichier qui y est joint, est envoyé à l'intention exclusive de son 
destinataire; il est de nature confidentielle et peut constituer une 
information protégée par le secret professionnel. Si vous n'êtes pas le 
destinataire, nous vous avisons que toute impression, copie, distribution ou 
autre utilisation de ce message est strictement interdite. Si vous avez reçu ce 
courriel par erreur, veuillez en aviser immédiatement l'expéditeur par retour 
de courriel et supprimer le courriel. Merci!

Confidentiality Warning: This message, including any attachment, is sent only 
for the use of the intended recipient; it is confidential and may constitute 
privileged information. If you are not the intended recipient, you are hereby 
notified that any printing, copying, distribution or other use of this message 
is strictly prohibited. If you have received this email in error, please notify 
the sender immediately by return email, and delete it. Thank you!

________________________________

This email is confidential and intended only for the use of the individual or 
entity named above and may contain information that is privileged. If you are 
not the intended recipient, you are notified that any dissemination, 
distribution or copying of this email is strictly prohibited. If you have 
received this email in error, please notify us immediately by return email or 
telephone and destroy the original message. - This mail is sent via Sony Asia 
Pacific Mail Gateway..

Reply via email to