<div>
<div class="content wysiwyg-content">
I am trying to block internet access from a specific mac address on the network with our Cisco 2960. &nbsp;Ideally I'd like to only block access to f0/2, as this is where the firewall (Cisco ASA 5505) is connected. &nbsp;I have tried:<br />
<br />
mac address-table static bc30.5ba5.4812 vlan 20 interface fastEthernet 0/2<br />
<br />
This command unfortunately blocks all traffic to the unit. &nbsp;Also tried:<br />
<br />
mac access-list extended BlockInternet<br />
&nbsp;deny &nbsp; host bc30.5ba5.4812 any<br />
&nbsp;deny &nbsp; any host bc30.5ba5.4812<br />
&nbsp;permit any any<br />
<br />
On the f0/2 interface i applied:<br />
<br />
&nbsp;mac access-group BlockInternet in<br />
<br />
This doesn't seem to work either.<br />
<br />
Suggestions?
</div>
</div>


I am trying to block internet access from a specific mac address on the network with our Cisco 2960.  Ideally I'd like to only block access to f0/2, as this is where the firewall (Cisco ASA 5505) is connected.  I have tried:

mac address-table static bc30.5ba5.4812 vlan 20 interface fastEthernet 0/2

This command unfortunately blocks all traffic to the unit.  Also tried:

mac access-list extended BlockInternet
 deny   host bc30.5ba5.4812 any
 deny   any host bc30.5ba5.4812
 permit any any

On the f0/2 interface i applied:

 mac access-group BlockInternet in

This doesn't seem to work either.

Suggestions?

MAC Filtering on a Cisco 2960

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.