Differences between revisions 2 and 3
Revision 2 as of 2012-09-11 12:42:00
Size: 676
Editor: PieterSmit
Comment: Add some monitor commands.
Revision 3 as of 2012-09-11 12:53:55
Size: 952
Editor: PieterSmit
Comment: Add port mac acl
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:

{{{
!
mac access-list extended aclMacWifiGuestBlock
 deny host d0df.9ad2.ffd4 any
 deny any host d0df.9ad2.ffd4
 permit any any
!
int Gi2/0/16
    mac access-group aclMacWifiGuestBlock in
!
!
#sh access-lists aclMacWifiGuestBlock
!
}}}
 * Below did not work.

Mac access list on vlan interface

  • Goal to filter a specific mac on a vlan interface. 

!
mac access-list extended aclMacWifiGuestBlock
 deny host d0df.9ad2.ffd4 any
 deny any host d0df.9ad2.ffd4
 permit any any
!
int Gi2/0/16
    mac access-group aclMacWifiGuestBlock in
!
!
#sh access-lists aclMacWifiGuestBlock
!
  • Below did not work. 

!
mac access-list extended MacWifiGuestBlock
 permit host d0df.9ad2.ffd4 any
 permit any host d0df.9ad2.ffd4
!
!
vlan access-map vAclWifiGuest 10
 action drop
 match mac address MacWifiGuestBlock
vlan access-map vAclWifiGuest 20
 action forward
!         
vlan filter vAclWifiGuest vlan-list 131
!
  • Monitor with
    • #clear mac address-table dynamic vlan 131
    • #show mac-address-table dynamic vlan 131 | i d0df.9ad2.ffd4

...

CategoryCisco

cisco/AccessListVlanMac (last edited 2012-09-11 15:04:26 by PieterSmit)