Interface GigabitEthernet2/1=Dell laptop connected hereĢ=In this case follwoing configuration is tried with dell laptop connected on 2/1 while hp laptop connected to 2/3 Permit 0018.fe00.0000 any=HP mac address allowed I have done following setip in lab wherein treid with 2 laptops,one with dell and other with HP.The aim is to deny accees to HP laptop while access to Dell laptop will be allowed.Both laptops connected to port 2/1 & 2/3 and part of vlan 10 with ip address 192.168.10.1 while dell laptop ip as 192.168.10.2 & HP laptop ip as 192.168.10.3.i have tried follwoing 2 configurationsġ=Mac access list directly applied to port 2/1 wherien only HP mac address is allowed an dell laptop is connected.Still dell laptop able to ping interface vlan 10 ip Kindly suggest if anything is missing in cat 4506 config (Sup6L-E and release 15.1) The moment we remove the mac access-group,ping starts again. We apply the mac access-group command on interface and clear the arp-cache and we are not able to ping vlan interface ip. Note-we have tested same configuration on cat 3560 and its working fine.
Laptop with ip address 192.168.10.2/24 connected to port 2/1 is able to ping 192.168.10.1 even after applying the mac access-group The mac access group is applied to the port where the laptop is connected to cat 4506.Even after applying the mac access group on the port, the laptop is able to ping the vlan ip of cat 4506ĭeny host 5b4 any (laptop mac with ip address 192.168.10.2/24)
We want to permit certain mac addresses on the cat 4506 switch wherein only those mac addresses will get access to network.įor testing purpose we have created mac access list on cat 4506 and deny laptop mac address in this access list.
0 kommentar(er)
