Cisco MAC filtering for Small Business / SG series

We will see how to manage mac filtering with commands line on Cisco SG switch series.

Configuration

Create ACL

Switch (config)# mac access-list extended MF01
Switch (config-mac-al)# permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any ace-priority 20
Switch (config-mac-al)# permit 48:bd:0e:02:ea:41 00:00:00:00:00:00 any ace-priority 10
Switch (config-mac-al)# permit 00:11:00:00:00:00 00:00:FF:FF:FF:FF any ace-priority 8
Switch (config-mac-al)# deny any any ace-priority 40

Associate MF01 acl to interfaces

Switch (config)# interface range ge1/0/4-18
Switch (config-if-range)# service-acl input MF01
Switch (config-if-range)# no service-acl input MF01

Useful Commands

Switch # show access-lists MF01
Extended MAC access list MF01
    permit  host 48:bd:0e:02:ea:41 any ace-priority 10
    permit  host 24:b6:fd:14:08:53 any ace-priority 20
    deny    any any ace-priority 40
Switch (config)# mac access-list extended MF01
Switch(config-mac-al)# no permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any
Switch (config)# no mac access-list extended MF01

Example

Let see how to allow only 00:11 MAC addresses family and 24:B6:FD:14:08:53 host. Any others addresses will be rejected

MAC filtering
Switch (config)# mac access-list extended MF01
Switch (config-mac-al)# permit 00:11:00:00:00:00 00:00:FF:FF:FF:FF any
Switch (config-mac-al)# permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any
Switch (config-mac-al)# deny any any
Switch (config)# interface range ge1/0/1-24
Switch (config-if-range)# service-acl input MF01
Licence Creative Commons
This website http://shebangthedolphins.net is licensed to the public under a licence Creative Commons Attribution licence.
Contact :