Folks,
Wearing my (former) Cisco hat, I feel my "working" Lenovo Rackswitch ACL is janky. TLDR - I want to limit a single port to 2 different MAC addresses. For lack of any real port security options to address this directly, I had to use an ACL (shown below).
!
access-control list 151 ethernet source-mac-address AB:CD:EF:GH:IJ:KL ff:ff:ff:ff:ff:ff
access-control list 151 action permit
!
access-control list 152 ethernet source-mac-address AB:CD:EF:GH:IJ:KL ff:ff:ff:ff:ff:ff
access-control list 152 action permit
!
access-control list 153 ethernet ethernet-type any
access-control list 153 action deny
!
access-control group 150 list 151
access-control group 150 list 152
access-control group 150 list 153
!
interface port 22
access-control group 150
Note: I did remove the real MAC addresses from the above.
Note #2: I do know that G-L are not valid options in MAC addresses.
- I can't seem to figure out how to have a single ACL with multiple source MAC addresses listed -- is this a limitation or are my expectations wrong? I find it "wrong" to have to have an entire ACL for specific MAC addresses.
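The one-ACL-per-MAC layout above gets tedious to maintain by hand, so here is an added example (not part of the original post) that generates the same configuration for any list of allowed MACs. The function names are hypothetical; the command syntax and the 150/151 numbering are copied from the config in the post, and the upper-case colon-separated MAC format is assumed to be what the switch accepts.

```python
import re

# Accepts colon- or hyphen-separated MACs; rejects non-hex placeholders.
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def normalize_mac(mac):
    """Return the MAC as upper-case colon-separated hex, or raise ValueError."""
    mac = mac.strip()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a valid MAC address: {mac!r}")
    return mac.replace("-", ":").upper()


def build_port_mac_allowlist(port, macs, group=150, first_acl=151):
    """Emit one permit ACL per MAC, a trailing deny-any ACL, and the group binding.

    Command syntax is copied from the configuration in the post; the ACL and
    group numbers default to the ones used there.
    """
    allowed = []
    for mac in macs:
        mac = normalize_mac(mac)
        if mac not in allowed:          # drop duplicates, keep order
            allowed.append(mac)
    if not allowed:
        raise ValueError("refusing to build a deny-only group with no permitted MAC")

    lines, acl_ids = [], []
    for offset, mac in enumerate(allowed):
        acl = first_acl + offset
        acl_ids.append(acl)
        lines += ["!",
                  f"access-control list {acl} ethernet source-mac-address {mac} ff:ff:ff:ff:ff:ff",
                  f"access-control list {acl} action permit"]
    deny = first_acl + len(allowed)     # catch-all deny goes last in the group
    acl_ids.append(deny)
    lines += ["!",
              f"access-control list {deny} ethernet ethernet-type any",
              f"access-control list {deny} action deny",
              "!"]
    lines += [f"access-control group {group} list {acl}" for acl in acl_ids]
    lines += ["!", f"interface port {port}", f"access-control group {group}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample addresses (locally administered), not from the post.
    print(build_port_mac_allowlist(22, ["02:00:00:00:00:01", "02-00-00-00-00-02"]))
```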