Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[Early Access] MS390 & Catalyst 9300-M: MAC Allow List & Sticky MAC Allow List

Minyi
Meraki Employee
Meraki Employee
‎Mar 11 2024 2:27 PM
‎Mar 11 2024 2:27 PM

We are excited to extend the features of the MAC Allow List and Sticky MAC Allow List to MS390 and Catalyst 9300-M switches. MAC Allow List and Sticky MAC Allow List are currently supported on Meraki Switches (MS). With this early access, users will be able to extend the configurations and settings to their Catalyst-based switches.   

 

Navigate to Organization > Early Access page, and toggle “Opt-in” now.  

 

What are the MAC Allow List and Sticky MAC Allow List? 

 

MAC Allow List provides users the ability to configure a static set of MACs that are allowed to pass traffic through the switch port. Any traffic sourced from other MAC addresses is dropped.

 

Sticky MAC Allow List allows you to configure a list of MACs that are allowed to pass traffic through the switch port, but adds the ability for the switch port to dynamically learn a certain number of MAC addresses, as well as or permit MACs that are entered statically into the MAC allow List. The MACs learned dynamically through Sticky MAC will persist through reboots and will not need to be re-learned.

 

How does it work?

 

MAC Allow List

MAC allow list allows up to 20 static MAC addresses to be configured. MAC addresses may be entered in aa:bb:cc:dd:ee:ff format or aaaa.bbbb.cccc format.

 

Configuration:

  • Navigate to Switching > Monitor > Switches and select your switch.
  •  In the mimic panel, select the switch port to configure and then click the pencil icon in the Configuration section.
  • Navigate to the Access Policy drop-down field and Select MAC Allow List
  • Enter up to 20 MAC addresses to allow on the switch port and click UpdateMinyi_1-1710192259115.png

Sticky MAC allow list:

Sticky MAC allow list also allows users to configure between 1-20 MAC addresses,  but also allows the switch port to dynamically learn MAC addresses of any devices connected, up to a defined limit of MAC addresses. For example if you set the number of Sticky MACs to 5 and program 1 in the allow list, the next 4 MACs that are dynamically learned will be programmed into the stick MAC list. Any MACs learned after this will be denied access to that specific port.

 

Configuration:

  • Navigate to Switching > Monitor > Switches and select your switch. In the mimic panel, Select the port to configure and then click the pencil icon in the Configuration section.
  • Navigate to the Access Policy drop-down field and Select Sticky MAC allow List.
  • Enter a maximum number (between 1-20) of MAC addresses to learn and allow on the switch port.
  • (Optional) Enter any static MACs to allow on the interface in the Allow Listed MACs field.

Minyi_2-1710192268409.jpeg

 

How to opt-in? 

Navigate to Organization > Early Access, find MS390 & C9300-M: MAC Allow List & Sticky MAC Allow list and toggle “Opt-in".

 

Please note that Sticky MAC on MS390 and C9300-M switches requires CS16 firmware or greater.

 

How to submit feedback? 

Please leverage the ‘Give your feedback’ (previously Make a Wish)  button on the dashboard and let us know if you have any feedback. 

 

Learn more

Port configuration on Switch Ports documentation

Subscribe
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.