The vlan access-map map_ name command uses the MAC access list that you created to block ARP traffic from the hosts. Switch(config-ext-nacl)# permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0Įnter the vlan access-map map_ name command and the action drop command, which is the action to perform. Switch(config)# mac access-list extended ARP_Packet In global configuration mode, create a named MAC extended access list with the name ARP_Packet.Įnter the mac access-list extended ACL_name command and add the host MAC address or addresses that you want to block. You can filter on this protocol type as interesting traffic for the access list. In accordance with RFC 826, an ARP frame uses the Ethernet protocol type of value 0x806. You also need to identify the ARP traffic in the access list. You select a MAC address or range of MAC addresses for blocking. First, you create the VLAN access maps for each type of traffic that must be filtered. In order to configure MAC address filtering and apply it to the VLAN interface, you must complete several steps. In this section, you are presented with the information to configure the features described in this document.
#Meraki blacklist mac address series
Other switches that support the commands in this configuration include Catalyst 2970, 3560, or 3750 Series Switches. If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. The information in this document is based on the Cisco Catalyst 3550 Switch. Refer to IEEE OUI and Company_id Assignments in order to determine IEEE OUI and company_id assignments. You can accomplish this type of restriction if you create MAC address ACLs and VLAN access maps and apply them to a VLAN interface. In some network scenarios, you want to block ARP packets based, not on the IP address, but on the Layer 2 MAC addresses. In a network, you can block ARP request packets in order to restrict user access. You can block a range of hosts if you disallow Address Resolution Protocol (ARP) packets that originate from these devices based on the IEEE Organizational Unique Identifier (OUI) and company_id assignments. You can block a single host or a range of hosts, based on the host network interface card (NIC) adapter manufacturer.
#Meraki blacklist mac address how to
The document demonstrates how to configure a MAC access control list (ACL) in order to block communication among devices within a VLAN. You can use any Catalyst 2970, 3560, or 3750 Series Switch in this scenario in order to obtain the same results. This document discusses the configuration for a Cisco Catalyst 3550 Series Switch.
0 kommentar(er)
