Block MAC address command in switch XOS CLI

  • Question
  • Updated 1 year ago
  • Answered
I took over an existing enterprise-size Extreme network, been getting already that people have threats basically sending to third-world country IPs. There is not much on the GUI and I've been trying to hunt down the command to block the MAC address in the CLI. I do see that there is a blackhole VLAN; I'm guessing it needs to be put into that VLAN. Any info helps, thanks!

Bobby

Posted 1 year ago

Taykin Izzet, Employee

Bobby,

You could create an access list to block the offending MAC on a port or VLAN. The following is an example of the ACL:


entry block_MAC {
    if {
        ethernet-source-address 01:00:5E:00:E0:F1;
    } then {
        deny;
    }
}

The following article explains how to create and apply the ACL to a port or VLAN:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS
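
An added example, not part of the original reply and not Extreme's own tooling: a Python script that turns a list of MAC addresses into a multi-entry policy in the syntax shown above, normalizing the notation and rejecting malformed values before they reach the switch. The entry names `block_MAC_<n>` and every sample address except the one from the reply are constructed for illustration.

```python
import re

# Constructed sample input: MACs as they appear in tickets and logs
# (mixed notations and case, one duplicate host, one truncated value).
SAMPLE_MACS = [
    "01:00:5E:00:E0:F1",   # the address used in the reply above
    "00-11-22-aa-bb-cc",
    "0011.22aa.bbcc",      # same host as the previous line
    "00:11:22:33:44",      # only five octets, must be rejected
]

# aa:bb:.. / aa-bb-.. (one separator throughout) or dotted aabb.ccdd.eeff
_MAC_FORMS = re.compile(
    r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}"
    r"|(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}"
)


def normalize_mac(text):
    """Return upper-case colon-separated octets, or None if malformed."""
    text = text.strip()
    if not _MAC_FORMS.fullmatch(text):
        return None
    digits = re.sub(r"[.:-]", "", text).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_policy(macs, prefix="block_MAC"):
    """Return (policy_text, rejected_inputs); one deny entry per unique MAC."""
    unique, rejected = [], []
    for raw in macs:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append(raw)
        elif mac not in unique:
            unique.append(mac)
    entries = [
        f"entry {prefix}_{n} {{\n    if {{\n"
        f"        ethernet-source-address {mac};\n"
        f"    }} then {{\n        deny;\n"
        f"    }}\n}}\n"
        for n, mac in enumerate(unique, start=1)
    ]
    return "\n".join(entries), rejected


if __name__ == "__main__":
    policy, bad = build_policy(SAMPLE_MACS)
    print(policy + f"# rejected inputs: {bad}")
```

The generated text goes into a policy file and is applied to a port or VLAN as the linked article describes.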
Mrxlazuardin

Hi Taykin,

How will XOS process the MAC blocking when using an ACL: CPU based or ASIC based? Using blackhole is processed by the ASIC, right? Unfortunately, I don't know how to use blackhole without specifying the VLAN, or how to make it work for all VLANs.

Best regards,
Bobby

Sweet, thanks!

Does it matter if it's egress or ingress?
Brian Austin, Employee

Bobby,

It shouldn't matter if you make it ingress or egress; however, you should also be able to track down what port it's coming in on by using the command:

show iparp 01:00:5E:00:E0:F1 

That way you can block the MAC address at its source instead of trying to catch it later in the network.