You can just do mac-address-table static 0016.6f99.9e61 vlan 3030 drop.
Schilling On Tue, Mar 24, 2009 at 3:42 PM, Rick Coloccia <coloc...@geneseo.edu> wrote: > Is anyone doing anything like this in a Catalyst 6500? I'm running a sup > 720 with ios 12.2(33)SXH4. I have a "bad user" that I need to block, > regardless of where or how they connect to the lan. I hoped that by > blocking their mac address, where-ever it may appear, I might be able to > accomplish what I need. This doesn't seem to work on my test device. My gut > tells me that the problem is in my mac address acl. Thoughts? Other ways to > do this? > Thanks! > -Rick > > mac access-list extended AllDevices > permit any any > mac access-list extended BadDevices > permit host 0016.6f99.9e61 any > permit any host 0016.6f99.9e61 > ! > ! > vlan access-map DropBadDevices 10 > match mac address BadDevices > action drop > vlan access-map DropBadDevices 20 > match mac address AllDevices > action forward > ! > vlan filter DropBadDevices vlan-list 3030 > > > c6513#show run int vlan 3030 > interface Vlan3030 > description ~VLAN 3030 - Encrypted Wireless > ip dhcp relay information trusted > ip address 137.238.100.1 255.255.252.0 > ip helper-address 137.238.1.16 > ip flow ingress > ip pim sparse-dense-mode > end > > > c6513#show vlan access-map DropBadDevices > Vlan access-map "DropBadDevices" 10 > match: mac address BadDevices > action: drop > Vlan access-map "DropBadDevices" 20 > match: mac address AllDevices > action: forward > > c6513#show vlan filter vlan 3030 > Vlan 3030 has filter DropBadDevices. > filter is active > > c6513#show vlan filter acc c6513#show vlan filter access-map > DropBadDevices > VLAN Map DropBadDevices: > Configured on VLANs: 3030 > Active on VLANs: 3030 > > c6513#show mac-address-table | include 9e61 > * 3030 0016.6f99.9e61 dynamic Yes 0 Po1 > > > -- > Rick Coloccia, Jr. > Network Manager > State University of NY College at Geneseo > 1 College Circle, 119 South Hall > Geneseo, NY 14454 > V: 585-245-5577 > F: 585-245-5579 > > _______________________________________________ > cisco-nsp mailing list cisco-...@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/