Cisco MAC filtering for Catalyst series
- Last updated: Apr 1, 2022
We will see how to manage mac filtering with commands line on Cisco Catalyst series.
Let see how to allow only 00:11 MAC addresses family and 24:B6:FD:14:08:53 host. Any others addresses will be rejected.Configuration
Create ACL
Switch(config)# mac access-list extended MF01
Switch(config-mac-al)# permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any
Switch(config-mac-al)# permit 48:bd:0e:02:ea:41 00:00:00:00:00:00 any
Switch(config-mac-al)# permit 00:11:00:00:00:00 00:00:FF:FF:FF:FF any
Switch(config-mac-al)# deny any anyAssociate MF01 acl to interfaces
gi1/0/4 to gi1/0/18:Switch(config)# interface range ge1/0/4-18
Switch(config-if-range)# mac access-group MF01 in
Switch(config-if-range)# no mac access-group MF01 inUseful Commands
Switch# show mac address-table
Gi1/0/1:Switch# show mac address-table | include Gi1/0/1
Switch# show access-lists MF01
Extended MAC access list MF01
permit host 24b6.fd14.0853 any
permit host 48bd.0e02.ea41 any
permit 0011.0000.0000 0000.ffff.ffff any
deny any any
Switch(config)# mac access-list extended MF01
Switch(config-mac-al)# no permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any
Switch(config)# no mac access-list extended MF01Example
Switch(config)# mac access-list extended MF01
Switch(config-mac-al)# permit 00:11:00:00:00:00 00:00:FF:FF:FF:FF any
Switch(config-mac-al)# permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any
Switch(config-mac-al)# deny any any
ge1/0/1 to ge1/0/24:Switch(config)# interface range ge1/0/1-24
Switch(config-if-range)# mac access-group MF01 in