cancel
Showing results for 
Search instead for 
Did you mean: 

block mac address command in switch XOS CLI

block mac address command in switch XOS CLI

Bobby
New Contributor II
I took over an existing enterprise size extreme network, been getting already that people have threats basically sending to third world country IPs. There is not much on the GUI and been trying to hunt down the command to block the mac address in CLI. I do see that were is a blackhole vlan, Im guessing it needs to be put into that vlan. Any info helps thanks!
4 REPLIES 4

Brian_Austin
Extreme Employee
Bobby,

it shouldn't matter if you make it ingress or egress however you should also be able to track down what port its coming in by using the command:

show iparp 01:00:5E:00:E0:F1

that way you can block the mac address at it's source instead of trying to catch it later in the network.

Bobby
New Contributor II
sweet thanks!

Does it matter if its egress or ingress?

Ty_Izzet
Extreme Employee
Bobby,

You could create an access list to block the offending MAC on a port or VLAN. The following is an example of the ACL:

entry block_MAC {
if {
ethernet-source-address
code:
01:00:5E:00:E0:F1
;
} then {
deny;
}
}

The following article explains how to create and apply the ACL to a port or VLAN:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS

Hi Taykin,

How will XOS process the MAC blocking by using ACL, CPU based or ASIC based? Using blackhole is processed by ASIC right? Unfortunately, I don't know how to use blackhole without specifying the VLAN or make it works to al VLANs.

Best regards,
GTM-P2G8KFN