Configure Cisco Router 800 series to filter out certain mac addresses

Posted on 2007-08-06
Last Modified: 2011-10-03
How do you configure a Cisco 831 or 851 router to filter  out (deny) packets from specific mac address ranges?  Specifically, if I wanted to deny any packets from internal to external from any device without a 12 34 56 MAC address prefix, how do I configure that?  If these two models do not support this, can you recommend a model that does?
Question by:southpawjoe
    LVL 32

    Accepted Solution

    Do you have a router now ?

    If so, then why not try out there ?, in the config mode just do 'access-list' and see if it has mac-acl as an option.

    LVL 9

    Expert Comment


    There isnt a mac-address acl available on the 831's, as far as i can see on mine.
    If your trying to deny these specific mac addresses, whatever they are, i would suggest putting them in their own ip range, or a continuous range within your ip schema, then deny the range.

    LVL 8

    Assisted Solution

    use access-list and not ip access-list (see below)

    ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
    ROM: C831 Software (C831-K9O3SY6-M), Version 12.2(13)ZG, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

    Internet.Router(config)#access-list ?
      <1-99>            IP standard access list
      <100-199>         IP extended access list
      <1100-1199>       Extended 48-bit MAC address access list
      <1300-1999>       IP standard access list (expanded range)
      <200-299>         Protocol type-code access list
      <2000-2699>       IP extended access list (expanded range)
      <700-799>         48-bit MAC address access list
      dynamic-extended  Extend the dynamic ACL abolute timer
      rate-limit        Simple rate-limit specific access list

    LVL 9

    Expert Comment

    sorry southpawjoe, Jim is correct. Thanks for the info Jim.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
    The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now