Custom Search

To advertise on this site email advertise@goatnetworking.com

Dropping Traffic from unwanted MAC address with Cisco

Site Admin
User avatar
Posts: 369
Joined: Wed Jan 04, 2012 2:36 pm

Dropping Traffic from unwanted MAC address with Cisco

Postby admin » Tue Mar 20, 2012 12:38 pm

Windows 2003 DHCP services can deny a MAC address. The following is good article on that.

http://blogs.technet.com/teamdhcp/archi ... ering.aspx

However if you don’t have any other methods of granting or restricting access to your network someone can just assign a static entry.

There are several ways to stop this from happening, I am just going to cover a simple quick way to drop traffic of a particular MAC with a Cisco Switch.

Telnet or SSH to your Cisco switch, enter enable mode, Show the mac addresses “sh mac address-table” note the MAC and the port “Gi0/20″, show vlans “sh vlan”, find the vlan Number the port is taged to “Gi0/20″ Enter config mode and the following command.

Switch(config)# mac address-table static c2f2.220a.12f4 vlan 4 drop

All traffic for this MAC is now dropped. To remove this simply place a “no” in front of the command.

Switch(config)# no mac address-table static c2f2.220a.12f4 vlan 4 drop

Disclaimer, I am sure there are other ways maybe better ways to do this. Please post. I found this quick easy and not disruptive.

Return to Network Security

Twitter Facebook

Who is online

Users browsing this forum: No registered users and 1 guest