
MAC ACL on Cisco 2960-S (12.2)

Digistras
Level 1

Hi guys! I've got a question about MAC Address Control List (ACL) on a 2960-S Series Switch running on IOS 12.2.

I have a list of 21x MAC Addresses and these are laptop clients which will connect to a 2960-S Switch with 24x Ports using a wired connection. Since they are using laptops, these 21x clients can and will connect to any of the 24 ports and ONLY these 21x MAC Addresses are allowed to connect to the 24x switch ports. Any other MAC Address which attempts to connect to any of the 24x ports WILL cause the affected switchport to Shutdown.

I would like to know:

1. Is there any way possible to create a MAC Access Control List with the 21x MAC Addresses and bind that list to all the 24x interfaces of the 2960-S switch so that whenever a client connects to any of the switchports, it will refer to that list for verification to ensure that it is a permitted client and shut down the affected port if it is not an authorised client?

(P.S. I'm 100% sure that I have done that on an Alcatel Switch (no pun intended) before. I just need to create a MAC ACL and give it a name, then inside the MAC ACL, I just need to input the MAC Addresses a.k.a. Access Control Entries (ACE) and then bind the MAC ACL to any interface that I want and I'm done! I have also tested that the port will shut down if I attempt to connect any other MAC address that is not inside the MAC ACL ACE list. I don't have to input the MAC ACL Addresses into every interface that I want the MAC ACL to be in).

2. I know that using port-security is the closest or probably the only way that I can get, but I would like to know if there is any way with Cisco IOS that I can do it the same way as I did on the above-mentioned Alcatel Switch?

3. If there is really a way to do it in Cisco IOS, I would really appreciate it if anyone could guide me on the steps to perform to achieve my objective. Also, I would need the affected port to be shut down if any other MAC Addresses other than those in the MAC ACL attempt to connect to any switchport.

I really hope to find an answer to this as I find that if an Alcatel Switch can do it, I strongly believe that Cisco Switches could do the same as well.

Thanks in advance!
