
How can I enable an access list using only a MAC address for SSH login


Adnan
New Contributor
Hello

I would like to enable an access list using the MAC address of a certain PC.

I am asking because I used the same code as the access list using only an IP address.

I used this code:

entry AllowManagementIP {
    if match any {
        ethernet-source-address F8:A7:BC:E0:D1:AE;
    } then {
        permit;
    }
}

and it didn't work; any PC can still log in using SSH. I ran the refresh policy command and still have the same problem.
21 REPLIES 21

Adnan
New Contributor
The PC and VLAN have the same subnet.

Erik_Auerswald
Contributor II
Hi,

is the PC in the same subnet as the switch? Otherwise the connection will be across a router (or layer 3 switch) and the MAC address seen at the switch you want to log into is the router's MAC address.

Anyway, I am not sure if you can use a MAC address match for the SSH access profile. The command reference says:
Match conditions:
  • Source-address—IPv4 and IPv6
  • Actions—Permit or Deny
The GTAC Knowledge articles pertaining to an SSH access profile mention IP addresses only as well:
Thanks,
Erik
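
An added example, not part of the thread and not Extreme's own tooling: a small Python check that parses a policy entry and flags any match condition or action outside the set listed in the command-reference excerpt quoted in the reply above. The function name `lint_ssh_access_profile` is hypothetical, and the `192.0.2.10/32` address is a constructed documentation value.

```python
import re

# Match conditions and actions the command-reference excerpt quoted above
# lists for an SSH access profile; anything else is flagged.
SUPPORTED_MATCHES = {"source-address"}
SUPPORTED_ACTIONS = {"permit", "deny"}

ENTRY_RE = re.compile(
    r"entry\s+(?P<name>\S+)\s*\{\s*"
    r"if(?:\s+match\s+(?:any|all))?\s*\{(?P<match>[^}]*)\}\s*"
    r"then\s*\{(?P<action>[^}]*)\}\s*\}",
    re.IGNORECASE,
)


def _statements(body):
    """Split a '{ ... }' body into its ';'-terminated statements."""
    return [s.strip() for s in body.split(";") if s.strip()]


def lint_ssh_access_profile(policy_text):
    """Return a list of (entry_name, problem) tuples for a policy text."""
    entries = list(ENTRY_RE.finditer(policy_text))
    if not entries:
        return [("<policy>", "no parsable entry found")]
    findings = []
    for m in entries:
        name = m.group("name")
        for stmt in _statements(m.group("match")):
            keyword = stmt.split()[0].lower()
            if keyword not in SUPPORTED_MATCHES:
                findings.append((name, f"unsupported match condition: {keyword}"))
        for stmt in _statements(m.group("action")):
            if stmt.lower() not in SUPPORTED_ACTIONS:
                findings.append((name, f"unsupported action: {stmt}"))
    return findings


# The entry from the question, and a constructed source-address variant
# (192.0.2.10/32 is a documentation address, not taken from the thread).
MAC_POLICY = """entry AllowManagementIP { if match any {
    ethernet-source-address F8:A7:BC:E0:D1:AE; } then { permit; } }"""
IP_POLICY = """entry AllowManagementIP { if match any {
    source-address 192.0.2.10/32; } then { permit; } }"""

if __name__ == "__main__":
    for label, text in (("MAC", MAC_POLICY), ("IP", IP_POLICY)):
        print(label, lint_ssh_access_profile(text) or "ok")
```

Running such a check before loading a policy shows which entries rely on a condition the quoted reference does not list for SSH access profiles.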

Adnan
New Contributor
My switches are X250e-48pt. I updated the firmware from 12.5.4.5 to 15.3.5.2 and I installed the SSH module to install SSH. Is it related or something?

And thanks for the help.

Best

AnonymousM
Valued Contributor II
Hm....that's strange. You should log a case with GTAC and have them look into the switch. I am sure it is just a small thing that needs to be changed. They could have a remote session with you and figure it out.