We are planning to enable MAC address filtering (one port on 4510 & another 3560). We want to allow only that MAC address to communicate via that port with the rest of the network and internet.
4510 has PC connected and 3560 had polycom connected.
Does the below is sufficient or something...
4510(config)# mac access-list ext Allowmac
4510(config-ext-macl)# permit host 0000.0000.0001 any (0000.0000.0001 : Mac of the PC)
4510(config-ext-macl)# denty any any
4510(config)# int g7/40
4510(config-if)# mac access-group Allowmac in
Same on 3560 as well.
It looks fine. Just as a side note, 'deny any any' seems to have a typo there as "denty".
For more details about MAC access-lists, refer to Configuring Named MAC Extended ACLs guide here:Also note that, there's a feature called Port Security which can also limit traffic based on the configured MAC addresses and also you can specify a maximum number of MAC addresses allowed on a port.
Port security enables you to restrict the number of MAC addresses (termed secure MAC addresses) on a port, allowing you to prevent access by unauthorized MAC addresses. It also allows you to configure a maximum number of secure MAC addresses on a given port (and optionally for a VLAN for trunk ports). When a secure port exceeds the maximum, a security violation is triggered, and a violation action is performed based on the violation action mode configured on the port.
If you configure the maximum number of secure MAC addresses as 1 on the port, the device attached to the secure port is assured sole access to the port.
Configuring Port Security , click here for the link.