SG300-10p MAC based ACL

I try to limit the access of a printer to one computer and define a MAC based ACL and a corresponding ACE. I set the destination MAC address of the printer (mask 000000000000) and the source MAC address of the computer (mask also 00000000000) and the VLAN ID to 1. The other parameters seem not important? Then I add the ACL to the port where the printer is connected. Unfortunately the printer is not accessible now. What do I forget?

Hi Andrey,
thank you for your lines.
What I did blocks all computers, even the one I want to be allowed to print.
I agree, when I want other computers to be able to print, then I have to add other ACEs to the ACL and allow these computers as well.
I had the idea that the masks are wrong and set them to FFFFFFFFFFFF. This however allows all computers to print...
Any other ideas?
Thanks in advance
Leo
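
The mask behaviour described in this thread, as an added example (not part of the original posts and not Cisco code): a first-match evaluator with wildcard masks and an implicit final deny, run over frames that enter the switch on the printer port. It assumes the bound ACL is checked against frames entering that port; all MAC addresses are constructed sample values.

```python
# Added illustration, not vendor code. All MAC addresses are constructed samples.
FULL = 0xFFFFFFFFFFFF

def mac(text):
    """Parse '00:11:22:33:44:55' or '0011.2233.4455' into a 48-bit integer."""
    digits = text.replace(":", "").replace(".", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)

def matches(addr, rule_addr, wildcard):
    """Wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    care = ~wildcard & FULL
    return (addr & care) == (rule_addr & care)

def evaluate(acl, src, dst):
    """First matching ACE decides; anything unmatched hits the implicit deny."""
    for action, (s_addr, s_wild), (d_addr, d_wild) in acl:
        if matches(src, s_addr, s_wild) and matches(dst, d_addr, d_wild):
            return action
    return "deny"

EXACT, ANY = 0x000000000000, FULL
PC, OTHER = mac("00:11:22:33:44:55"), mac("00:11:22:33:44:66")
PRINTER, BROADCAST = mac("00:aa:bb:cc:dd:ee"), mac("ff:ff:ff:ff:ff:ff")

# ACE as described in the question: source = computer, destination = printer.
ACL_AS_POSTED = [("permit", (PC, EXACT), (PRINTER, EXACT))]
# Same ACE with both masks set to FFFFFFFFFFFF: every address bit is ignored.
ACL_ALL_ONES = [("permit", (PC, ANY), (PRINTER, ANY))]
# Written for frames entering the printer port, where the printer is the source.
# The broadcast ACE is an assumption: it lets the printer send ARP requests.
ACL_PRINTER_PORT = [
    ("permit", (PRINTER, EXACT), (PC, EXACT)),
    ("permit", (PRINTER, EXACT), (BROADCAST, EXACT)),
]

# Frames that enter the switch on the printer port (sent by the printer).
FRAMES = {
    "printer -> pc": (PRINTER, PC),
    "printer -> other host": (PRINTER, OTHER),
    "printer -> broadcast": (PRINTER, BROADCAST),
}

def verdicts(acl):
    """Evaluate every sample frame against one ACL."""
    return {name: evaluate(acl, src, dst) for name, (src, dst) in FRAMES.items()}

if __name__ == "__main__":
    for label, acl in [("as posted", ACL_AS_POSTED), ("masks all ones", ACL_ALL_ONES),
                       ("printer as source", ACL_PRINTER_PORT)]:
        print(label, verdicts(acl))
```

Under that ingress assumption, no frame sent by the printer matches the ACE as posted, so every frame falls through to the implicit deny, while all-ones masks make the single ACE match every frame.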

Similar Messages

  • MAC-based ACL in wireless router

    Hi,
    I have an AIR-AP1262N wireless router. I have implemented many MAC based ACLs in it. A sample looks like this.
    access-list 715 permit 6427.37e0.8379   0000.0000.0000
    access-list 715 permit e006.e933.901d   0000.0000.0000
    access-list 715 permit 88cb.8278.40e8   0000.0000.0000
    access-list 715 permit 6427.37e0.d1ng   0000.0000.0000
    access-list 715 deny   0000.0000.0000   ffff.ffff.ffff
    Now whatever new MAC I want to allow, the ACL that I configure is going below the deny rule and it is not working.
    Is there any way to move it before the deny rule, or should I delete the whole config and re-enter it every time?

    Please try the commands below and report back whether it works:
    show mac access-lists name
    and then
    resequence mac access-list name starting-sequence-number increment/decrement

  • SRW2024 MAC based ACL

    Hello
    I have an SRW2024 switch (3 access points and a DSL line cable plugged in)
    and a few users accessing the network and internet through that switch. When I try to make a MAC-based ACL to deny requests from a certain MAC address and bind it to the DSL port, the rule applies to all users, not only the one I made the rule for.
    How could I set rules without affecting the other users?
    I want to disallow certain users only.
    Thank you

    Hi Sahar, thank you for using our forum, my name is Luis I am part of the Small business Support community. I found some articles that could help you with your configuration, below you will find the steps to configure the access list and the admin guide.
    MAC Based Access Control List (ACL) and Access Control Entry (ACE) Configuration on 300 Series Managed Switches
    Defining ACL Binding
    You will find the information to bind the ACL to the port interface in page 409.
    I hope you find this answer useful
    Greetings,
    Luis Arias.
    Cisco Network Support Engineer.

  • SRW2024 - ip and Mac based ACL

    Hi!
    I'm trying to set up MAC and IP based ACLs on our switches with no success.
    Port 22 is our WAN port.
    I'm trying to stop IP 192.168.0.53 from reaching the internet,
    but I need to let all other traffic pass,
    with an IP rule with Deny 192.168.0.53 wild card mask 0.0.0.0
    and the ACL bound to port g22.
    The problem is that it stops all traffic.
    What am I missing? I'm trying to do this with a MAC ACL too, with the same results.
    /J

    Hi!
    Ok, I placed a new rule after the block rule.
    permit any  ip 192.168.0.0  Wild card mask 255.255.255.255
    Now it lets all traffic pass, including the one I blocked in the first rule!
    I'm still missing something!
    /J

  • SRW switches and MAC-based filtering

    Hello, I am looking for a guide on how I can set up MAC-based filtering in an ACL.
    Do you have a step-by-step guide, please?
    Thank you
    Tomas

    802.1X authentication and MAC-based address filtering can be administered on SRW switches via their web based GUI.
    There is very good documentation on each model...
    example:
    http://www.cisco.com/en/US/products/ps9988/index.html
    then select acl....
    http://www.cisco.com/en/US/products/ps9967/products_qanda_item09186a0080a363de.shtml
    bingo?

  • SG300-10P SYN Protection

    Hi Community,
    just registered after reading some topics in the last months. Great answers here - thank you for that!
    Now I have a minor issue with a new feature and did not find any solutions yet.
    Yesterday I upgraded my SG300-10P to firmware 1.2.7.76. I was curious about the new SYN Protection feature, but it seems to do nothing on my installation.
    The switch is running in Layer 2 mode. I have ACLs in place and DoS prevention is not enabled. I also tried clearing ACLs and enabling DoS prevention. As I understood the Admin Guide enabling DoS in the Security Suite Settings is not necessary for using the SYN Protection.
    In my firewall I see about 300 pps with SYN flags only arriving. What "they" do is send me SYN packets to port 80 from forged IPs, so that my system should send SYN-ACKs to the victim system. In this case it is the Arab Bank. They are down at the moment... I think that is called a spoofed SYN flood attack.
    So I thought the SYN Protection feature should exactly solve that problem, but it does not and does not show any "Last Attack" entries.
    If I put a SYN filter in place it works, even if I put SYN Rate Protection in place. But that is just a dirty workaround.
    Did I miss something?
    Maybe somebody has some hints for me!
    Best wishes,
    Alex
    BTW: my firewall blocks those SYN packets with a SNORT rule, so I am no "helper" to those attacks and that is why the problem is minor to me.

    Well, finally I discovered that I can provoke an attack with hping3, but only when I flood the switch interface address itself, not other hosts on other switch ports. I can bring them down without any reaction from the switch.
    So it seems that the SYN Protection feature only protects the switch itself from SYN floods.
    Not as useful as I thought.
    Best wishes,
    Alex

  • I have a carillon 25 keyboard (bad choice, I know) and I can't get it to communicate with my mac at all! I'm running logic pro 9 and reason 5. I get signal in from my M Audio trigger finger so I know it isn't an entirely mac based problem. Thanks!!!

    Well, how have you determined that no signal is being received by your mac?
    Have you got something that shows the actual signal? Or have you just been trying to control a VST? What software are you using by the way?
    I personally went with an AKAI MPK25, because it's already mapped for logic & ableton etc, so it just makes things incredibly easy.
    I would suggest you return it if you can as a dead unit & perhaps look at something else a bit easier?
    Otherwise, if you just want to get this working we can have a look a bit deeper.
    And driver? OS X driver?

  • When going from a Mac-based Ai to a PC based Ai, the documents "Font" are not found on the PC version?  (mostly Helvetica) where and how do I get those Fonts?  And/or, can I use the Mac version of these Fonts?

    Thanks, Rich

    In order to be cross platform you must be using the Open Type version of all fonts to cause the least disruption. Macs can read and process the Windows .ttf  type format but PCs can't process Mac formatted type. Most recent versions also cannot use the older PS Type 1 fonts.

  • Unable to ping IP address from SG300 -10p switch

    I have two core switches; we have configured VLAN 70 in both core switches.
    sh run int vlan 70 --ip address: 182.94.177.34/28
    configured the HSRP in both routers.
    we have configured port in vlan 77 in access switch 4507R-E , we are able to ping the ip address.
    Again, we have installed a Cisco SG300 10p switch cascading to the Cisco 4507R-E access switch.
    We have given the below commands.
    Switch management IP:
    switch38cbaf(config)int vlan1
    switch38cbaf(config-if)#ip address 124.4.67.47 255.255.255.0
    switch38cbaf(config)#vlan database
    switch38cbaf(config-if)vlan 70
    switch38cbaf(config)#int gigabitethernet1
    switch38cbaf(config-if)#switchport mode access
    switch38cbaf(config-if)#switch access vlan 77
    Trunk Configuration
    switch38cbaf(config)#int gigabitEthernet9
    switch38cbaf(config-if)#description << Trunk | connected to access switch 4507R-E | Fa4/1 >>
    switch38cbaf(config-if)#swtichport mode trunk
    switch38cbaf(config-if)#switchport trunk allowed vlan 77
    problem:
    i am assigned the ip address 182.94.177.44 to  our desktop and connected to port Gi1
    I am able to ping 182.94.177.33, 34 and 35 Ip Address but unable to ping 182.94.177.44

    Some things to check/verify -
    a) is there a typo in your configuration above ie. you have created vlan 70 according to your configuration but the actual vlan you are using is vlan 77
    b) does the trunk link between the access 4500 and the core switch allow vlan 77
    c) try pinging from the client and not to it as there may be a firewall on the PC.
    Jon

  • 802.1x mac based authentication

    We have Cisco ACS 3.3 is there a way to do authentication based on mac address, instead of username and password? We are looking to stop things such as user purchased access points and what not. Any info would be great.

    Yes you are right, I misunderstood you. I was under the impression that you were talking about doing MAC based authentication on your AP's, not the switches. That is why I made mention to port security.
    The 2 options would be standard port security or 802.1x port security if your switches support this.
    In order to use the 802.1X port security, your switch would need to support it and the clients connecting to the switch would require a supplicant (EAP-TLS, EAP-TTLS, etc) in order for them to work, not by MAC address alone.
    You can configure standard port security on the switch which will accomplish your intentions and not even need to use the ACS server.
    standard port base security by MAC:
    http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a008007d3ce.html
    802.1x port based security:
    http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801a6c72.html

  • Best networked printer for a MAC based network?

    I may regret asking this :"), but what is the best network printer to use on a MAC based network? I have been the victim on the bloatware HP drivers for years, and am really sick of them. But what do I purge this nightmare for? Canon (like the MX860) looks interesting and is multifunction (a requirement). Lexmark seems to making a comeback, and Brother as well. Epson has seemed to do OK as well. Who has the most reliable drivers for the OSX platform, updates them the most regularly, and seems to actually care about Apple (as opposed to pandering to the Windows crowd almost exclusively).?
    Comments?
    Dan O

    I did my homework for network printer/scanner/fax and came up with the Brother Color Laser MFC-9840 CDW. It's got every button and whistle, and they all work on a Mac or PC network. You can scan from the machine and pick which Mac to send the scan to, or scan from a Mac. Sheet feeder works for fax and scan, real duplex printing. All works on Leopard. They have lower models which will also work, but without the Color, or Wireless (which we don't use).
    I've seen great on-going driver development with the latest operating systems...

  • MAC-Based Authentication

    I am sorry if this has been asked before or it is the wrong place to ask this.
    I just want to know how secure is MAC-Based Authentication on an AP340 access-point (not bridge) with version 11.07.
    I've done this by adding 'Dest MAC Address' in 'Address Filters' under 'Association' in 'Setup'.
    Also selected 'Disallowed' for 'Default Unicast Address Filter' for all the relevant authentication types in 'Advanced' for 'AP Radio' of the 'Network Ports' in 'Setup'.
    Thanks for any suggestions.

    If an attacker has a network analyzer, they can see the MAC address in use (even if WEP is being used, as the MAC must not be encrypted)
    Some 802.11 NICs allow the user to configure a MAC address into the NIC.
    So the attacker *could*:
    1. observe a valid NIC in use
    2. program that MAC into their NIC
    3. Wait till the valid user has gone home
    4. Use the NIC they have programmed to access your network from the safety of the parking lot.
    LEAP or VPNs provide a much more secure solution

  • Need advice on Mac-based work setup

    Hi, hoping for some advice on the best Mac-based system to purchase for our 6 design workstations. We are jumping from CS5 to CC. We do GFX for multiple tv stations, motion GFX, compositing, 3D, editing, print design. SPEED is important and we only buy new computers every 4 years or so. Typical workflow has the following open simultaneously: AE, PR or FCP, PS, ID, AI, Firefox, Outlook, and maybe also Word or Text Edit or Quicktime. We do short but complex stuff, 60 seconds tops.
    We’ve got one test system set up so far. These are the specs of our test system; putting all projects and assets on the thunderbolt RAID:
    Mac Pro 10.9.2      3.7 Ghz Quad-Core    Intel Xeon E5      12 Gig DDR3
    30 Inch Apple Cinema Display Display  2560 X 1600    AMD FirePro 2048 MB Graphics
    HDMI to DVI converter for 2008 Apple Studio Display
    Drive: Areca 5026 RAID-ed RAID 5    each slot has a 1TB    Toshiba 7200 RPM 32MB cache SATA 6.0GB/s drive, connected by thunderbolt 2.0
    Blackmagic card: UltraStudio 3D thunderbolt device running the 9.6.7 Black magic drivers, connected thunderbolt 2.0
    Panasonic HD pro tv monitor
    PROBLEM: with this setup we’re disappointed in both rendering and render to RAM speed, and RAM preview at full res is dropping frames on some projects. Turning on multiprocessing does not make it any faster, and won’t render at all in certain codecs (like DV50). I have 12GB of RAM, and reserved 3GB for other applications. With multiprocessing on I have 8 CPUs, leaving 2 for other applications, reserving 2GB per CPU.
    Designers render locally on their own Macs while multi-tasking on print projects, run web browsers, outlook etc.
    QUESTIONS:
    1. What is the best fastest system AE can take advantage of? If we get 6 or 8 or 12 core Mac Pros (instead of the quad core) with more RAM, would AE be able to access that speed, and if so up to how many GB can it use, only up to 2GB per core or can it use more?
    2. Should we replace the graphics card with an Nvidia CUDA? Is the ray-tracing engine something we’ll need with Cinema 4D work?
    Thank you!

    > 1. What is the best fastest system AE can take advantage of? If we get 6 or 8 or 12 core Mac Pros (instead of the quad core) with more RAM, would AE be able to access that speed, and if so up to how many GB can it use, only up to 2GB per core or can it use more?
    Yes, After Effects will take advantage of multiple fast CPUs and all of the RAM that you can install.
    You also want to have a decent-sized SSD connected over a fast bus for the disk cache. The new Mac Pro does very well in that regard.
    > 2. Should we replace the graphics card with an Nvidia CUDA? Is the ray-tracing engine something we’ll need with Cinema 4D work?
    The After Effects ray-traced 3D renderer has nothing whatsoever to do with Cinema 4D.
    Do not make any buying decisions based on the  After Effects ray-traced 3D renderer unless you already know for certain that you have a need for it. Since you're asking, it seems that the answer is that you don't.
    See this page for information about hardware for Premiere Pro and After Effects: http://adobe.ly/pRYOuk

  • Connecting SG300-10P to another SG300-10P

    please forgive the newbie question but trying to upgrade/expand my network beyond the simple linksys switch i currently use. 
    what is the proper way to connect a second SG300-10P to the system?
    current configuration is:
    cable modem to Cisco Router RV042G.  Router port 1 to SG300-10P port G9 (the switch is located in another room)
    from the SG300-10P i have ethernet cables (Cat 5) running throughout the building
    in another room, i would like to add another SG300-10P.  do i connect from the ethernet jack in that room to port G1-G8 or do i connect to the G9 link port?
    thanks

    Hi Lee, it generally doesn't matter. The reason it matters interconnecting these switches is because the POE is designed to work with older Cisco POE devices and the connection will detect a valid resistance and attempt to supply power to the switch which in turn may give adverse effects.
    -Tom
    Please mark answered for helpful posts

  • SG300-10P LACP and PoE

    Hi
    I am using SG300-10 and connected it to two SG200 with LACP and PoE
    When I tried to use ssh client to check poe status via cli, the switch suddenly rebooted.
    After this, the poe is dead.
    I reset the switch, reconfigured the settings but ..
    as soon as I set GE1+GE2 to a LACP group,
    the SG200-8 connected to GE1+GE2 is down, lost power
    when I remove the GE1+GE2 from LACP group, the poe is back ...
    same to any other port.
    only ports that not in LACP listed in "Port Management" "PoE" "Settings"
    Is the hardware damaged? I am using the latest 1.3.0.62 firmware.
    The physical connection is:
    L3 Mode
    GE1+GE2 = LACP <---> SG200-8 nr1
    GE3+GE4 = LACP <---> SG200-8 nr2
    GE5 <---> my pc
    Thanks for any hint/help!

    Thanks for the advice.
    I came home today and found out a power outage happened and somehow the SG300-10P partly stopped working; any device not directly connected to it can't ping the switch or communicate with it or its connected devices (even after reboot).
    So I decided to reset it to the factory default and manually reapply all the settings from memory, because the last few times I tried to use a backed-up config file, it ended badly (the firmware is already updated to the latest).
    After that, I followed your advice and set GE1 PoE active and GE2 PoE off, and so on; now both SG200-8 and SLM2008 are getting power from port GE1 and GE3.
    Still, as soon as I add a port to a LACP group, it will disappear from the "Port Management", "PoE", "Settings" page ... Is that normal behavior? Or is it a problem on SG200 or/and SLM2008?
