[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 654
  • Last Modified:

MAC Filtering on a Cisco 2960

I am trying to block internet access from a specific mac address on the network with our Cisco 2960.  Ideally I'd like to only block access to f0/2, as this is where the firewall (Cisco ASA 5505) is connected.  I have tried:

mac address-table static bc30.5ba5.4812 vlan 20 interface fastEthernet 0/2

This command unfortunately blocks all traffic to the unit.  Also tried:

mac access-list extended BlockInternet
 deny   host bc30.5ba5.4812 any
 deny   any host bc30.5ba5.4812
 permit any any

On the f0/2 interface i applied:

 mac access-group BlockInternet in

This doesn't seem to work either.

1 Solution
RailroadAuthor Commented:
Well I gave up.  Switched to using an IP based ACL.  Not as clean, as it requires an reservation in DHCP, but on well.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now