Cisco MAC filtering for Catalyst series

Last updated: Apr 1, 2022

We will see how to manage mac filtering with commands line on Cisco Catalyst series.

Configuration

Switch model : Cisco catalyst 1000

Create ACL

Create acl MF01 :

Switch(config)# mac access-list extended MF01

Allow 24:B6:FD:14:08:53 mac address :

Switch(config-mac-al)# permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any

Allow 48:bd:0e:02:ea:41 mac address :

Switch(config-mac-al)# permit 48:bd:0e:02:ea:41 00:00:00:00:00:00 any

Allow 00:11:xx:xx:xx:xx mac address family :

Switch(config-mac-al)# permit 00:11:00:00:00:00 00:00:FF:FF:FF:FF any

Every other addresses will be denied :

Switch(config-mac-al)# deny any any

Associate MF01 acl to interfaces

Configure interfaces from gi1/0/4 to gi1/0/18 :

Switch(config)# interface range ge1/0/4-18

Apply MF01 access list to interfaces :

Switch(config-if-range)# mac access-group MF01 in

Disassociate MF01 access list with interfaces :

Switch(config-if-range)# no mac access-group MF01 in

Useful Commands

Show mac addresses :

Switch# show mac address-table

Retrieve mac addresses from port Gi1/0/1 :

Switch# show mac address-table | include Gi1/0/1

Show access list :

Switch# show access-lists MF01
Extended MAC access list MF01
    permit host 24b6.fd14.0853 any
    permit host 48bd.0e02.ea41 any
    permit 0011.0000.0000 0000.ffff.ffff any
    deny   any any

Delete an acl rule :

Switch(config)# mac access-list extended MF01
Switch(config-mac-al)# no permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any

Delete an acl :

Switch(config)# no mac access-list extended MF01

Example

Let see how to allow only 00:11 MAC addresses family and 24:B6:FD:14:08:53 host. Any others addresses will be rejected.

computers connected to a switch which filter MAC

Create access list :