cancel
Showing results for 
Search instead for 
Did you mean: 

How to block a list of Mac-Addresses on Enterasys Switches (CLI)

How to block a list of Mac-Addresses on Enterasys Switches (CLI)

Michel_Braga_Gu
New Contributor
I received a task to "block" a list of mac addresses on my environment, and I don't know how to do it on Enterasys CLI (C3 and A2 models). I've watched the video where shows how to do it using MACLOCK on Netsight, but unfortunately I don't have this software here. Could someone help me with this issue?

I already appreciate any help!
3 REPLIES 3

Jason_Parker
Contributor
also a video on What is SpanGuard and How To Configure it on Enterasys Switches
by Jason Parker
https://www.youtube.com/watch?v=euUa_5Rv-Uc

Paul_Bell
New Contributor
MACLOCK is one way to do it but it has a lot of other effects that you may be after....and in the end it does not actually block any MAC addresses. The way I have handled this is to create a "Black Hole" VLAN -- in my case I use 999 -- to nowhere and then create MAC-to-VLAN associations on the switch stack. This way, whenever a device with a banned MAC connects, it's associated with a VLAN that has no routing, no DHCP, etc.

Here's the config:

set vlan create 999
set vlan name "BLACK HOLE"
set vlan dynamicegress 999 enable
set vlan association mac 00112233445566 999 <--repeat this for each banned MAC, where of course I'm using 00112233445566 as the example

Hope this helps.

Bruno2
New Contributor
Hello Guimaraes.Make sure you know all the uplink in the disered switch and DO NOT apply the bellow configs to a link that connects to other switches.

set maclock enable
set maclock trap ge.X.X enable violation

set spantree adminedge ge.X.X true

set maclock enable ge.X.X

set maclock firstarrival ge.X.X 1

To know who is connected to who use:

show neighbors

In case of duvidas im glad to help.

GTM-P2G8KFN