Solved

MAC Filtering

Posted on 2013-12-20
8
285 Views
Last Modified: 2013-12-23
Hi Experts,

I hope you can help me with this. Im trying to set up MAC filtering on a powerconnect 5448
However when i apply my ACL to the port it blocks all traffic even from the device, who's mac should be allowed

As a result im guessing i've configured something wrong so hopefully someone can spot the mistake

Here is my understanding of the fields

Priority - Self explanatory
Action - Self explanatory
Source MAC - MAC of machine or device in question
MAC Wild Card Mask - 00:00:00:00:00:00 for a explicit mac address
VLAN - vlan of port and device
Ethertype - should be 0x0800 for all traffic?

The only one im uncertain on is the ethertype
0
Comment
Question by:FSIFM
  • 3
  • 3
  • 2
8 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39732315
Try Ethertype 0x0806 instead.  You're filtering by MAC, not IPv4.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39732351
Ethernet II frame's "Type" field tells the OS what kind of data the frame carries

0x0800 means that the contents of the frame is an IPv4 packet
0
 
LVL 4

Author Comment

by:FSIFM
ID: 39735567
Hi Guys,

I tried 0x0806 and 0x0800. Still no luck? Any other ideas what could be causing the issue?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 11

Expert Comment

by:Miftaul
ID: 39735611
Can you please run and give us the output,

console# show mac access-lists
console# show mac access-lists YOUR-ACL-NAME

Here is the example configuration:

console(config)#mac access-list extended ALLOW
console(config-mac-access-list)#Permit 3C97.0E86.9F42 0000.0000.0000 any
console(config-mac-access-list)#Deny any any

Then we apply on that specific interface
console(config)#mac access-group ALLOW in
0
 
LVL 4

Author Comment

by:FSIFM
ID: 39735622
SWI..DP108# show access-lists
MAC access list SJones
    permit  host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806
SWI..DP108# show access-lists
MAC access list SJones
    permit  host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806

SWI..DP108# show access-lists SJones
MAC access list SJones
    permit  host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 250 total points
ID: 39735832
This is for a 6024, but might work on the 5448...

mac access-list ALLOW_PCS
 permit aa:bb:cc:dd:ee:ff 00:00:00:00:00:00 any vlan 1
 permit 00:11:22:33:44:55 00:00:00:00:00:00 any vlan 1
!
interface e1
 service-acl input ALLOW_PCS
interface e2
 service-acl input ALLOW_PCS

Open in new window

Replace the MAC addresses with real ones, and change the VLAN to whichever destination VLAN you want to allow that MAC to access.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
ID: 39735842
EtherType 0806 seems to be for Address Resolution Protocol (ARP)

Can you please remote "ethtype 0806" from the ACE.

Also please apply the ACL inbound to the interface.
0
 
LVL 4

Author Closing Comment

by:FSIFM
ID: 39736017
That did it! :) Turns out no ethertype needed to be provided

Cheers lads and Merry Xmas to you both
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Tagging ports on a managed switch 6 59
stacking Catalyst 3650 20 47
assessment of laptops/desktops for hardware refresh 6 71
Interface VLAN dependencies 6 50
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question