I've applied following config to the cat3750POE switch:
mac access-list extended Allowed_MACs permit host 0007.3bc2.a111 any permit host 001d.0900.8a14 any permit host 0007.3bc2.4da4 any permit host 0007.3bc2.3fea any deny any any
interface range FastEthernet1/0/25 - 30 [CUT] mac access-group OpenSpace_HotDesks_Allowed in
To problem is that I'm still able to get IP address from DHCP server - ip helper address is configured. Further access (pings/traceroute/tcp/udp) is blocked as excpected.
Is it a default behaviour or a bug? I suspect ip helper address catching DHCP messages before the MAC ACL.
I would like to make complete traffic filtering based on MACs without ability to get IP from DHCP. Also I want users to be able to plug into any of those 5 ports with MAC listed on the ACL.
Any ideas?