Restrict traffic based on host MAC addresses

The MAC filter feature limits traffic based on the host's MAC address. When this feature is used, the switch can discard traffic originating from the configured MAC address. By using this feature, the network management source can prevent unauthorized hosts from sending traffic to the network.
 
 
Note: The vswitch only allows filtering of unicast source MAC address traffic, but does not allow filtering of multicast source MAC address traffic. The rules for sending data packets using multicast source MAC addresses are invalid.
The vswitch allows you to configure unicast filtering on the entire VLAN or a single interface. If the source MAC address used by the data frame is not specified, the switch can transmit the data frame normally. For a cisco IOS software-based switch, it only supports unicast filtering that still exists after restart.
Configuration process:
1) enter the global mode configure terminal
2) Configure to limit MAC address traffic
Mac-address-table static MAC address vlan ID drop
3) verification results
Show mac-address-table static vlan 1
Case:
Switch (config) # mac-address-table static Routing .0000.0008 vlan 1 drop
Switch # show mac-address-table static vlan 1
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
----------------------------
1 000d. 6564.0280 STATIC CPU
1 01001_ccc.cccc STATIC CPU
1 01001_ccc.cccd STATIC CPU
1 01001_cdd.dddd STATIC CPU
1 2.16.0000.0008 STATIC Drop
Total Mac Addresses for this criterion: 5
 
Company IP address conflict resolution case
Block
A SHEC-2960 (A) # conf t
SHEC-2960 (A) # show mac address-table dynamic address 001e. ec98.2b7d
SHEC-2960 (A) (config) # mac address-table static 001e. ec98.2b7d vlan 1 drop
The SHEC-2960 (A) # wr
 
 
Cancel Blocking
SHEC-2960 (A) (config) # no mac address-table stat 001e. ec98.2b7d vlan 1
The SHEC-2960 (A) # wr

From light rain in September