基於MAC地址的ACL 控制MAC地址上網
=======================================
mac access-list extended MAC80185
deny host 00e0.4c90.01d1 any
permit any any
!
interface FastEthernet0/4
switchport access vlan 251
no ip address
mac access-group MAC80185 in
=======================================
mac access-list extended MAC80185
deny host 00e0.4c90.01d1 any
permit any any
!
interface FastEthernet0/4
switchport access vlan 251
no ip address
mac access-group MAC80185 in
=======================================
封到一個MAC地址,不讓其接入網絡的方法二
使用SNIFFER查到故障PC的IP,在交換機上查到PC的MAC地址
0710-SCM4506-A#sh arp | in 172.27.2.120
Internet 172.27.2.120 1 0002.e348.aba1 ARPA Vlan200
0710-SCM4506-A#conf t
Enter configuration commands, .e per line. End with CNTL/Z.
使用以下命令 drop 故障PC MAC地址發送數據包
0710-SCM4506-A(config)#mac-address-table static 0002.e348.aba1 vlan 200 drop
NO掉該MAC地址,PC即可正常上網
0710-SCM4506-A(config)#no mac-address-table static 0002.e348.aba1 vlan 200
0710-SCM4506-A(config)#no mac-address-table static 0002.e348.aba1 vlan 200
=============================================================================
showshow arp | in +ip 找到MAC地址,
然後show mac-address-table address MAC找到對應交換機端口,
0710-SCM4506-A>show cdp neighbors GigabitEthernet3/15 查找端口上所接的設備
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
254150 Gig 3/15 166 S I WS-C2950G-Gig 0/2
254150 Gig 3/15 166 S I WS-C2950G-Gig 0/2
Cisco2924#show mac-address-table dynamic address 0009.6b8c.64ec