How to block through UPM?

  • Question
  • Updated 2 years ago
  • Answered
I would like to log the port block and MAC address through the UPM through the MAC OUI. Thank you for the UPM setting example.
For example, if you want to block MAC OUI: 00-01-13,
Please.

jeon min


Posted 2 years ago


Prashanth KG, Employee

Hi Jeon,

Please clarify whether you want to block a MAC address through UPM or log the event that a MAC address is blocked.
If you want to log the event, please provide information about how the MAC address is blocked. Is it through an ACL?

Looking forward to your answers!

jeon min

I am trying to block MAC OUI from 00-01-13 (ex: MAC Address OUI) MAC addresses. The workaround is to display the logged ports information and MAC address of the blocked and blocked devices through UPM scripting.

OscarK, ESE

I think the easiest method would be using UPM to act on a log event (like MAC tracking events) and then add a dynamic ACL or blackhole FDB entry.

jeon min

May I ask you to give me a sample of what to do with your MAC tracking UPM configuration?

OscarK, ESE

This example mails the log event, but instead of mailing with the script, the script could do a CLI to block the MAC.
https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/Python/Email_event

Matthew Helm, Employee

Here is an example configuration that assumes the blocking ACL is created outside the UPM profile and is then applied by the UPM profile.

This example does not remove the ACL in response to a MAC deletion or move event. This might be something worth doing using a separate UPM profile.

This was tested using 22.1.1.5. Let me know if you have trouble with it or have questions.


#
# Module acl configuration.
#
create access-list block_mac " ethernet-source-address 08:00:27:00:00:00 mask FF:FF:FF:00:00:00 " " deny "


#
# Module upm configuration.
#
create upm profile block_mac
set var t $TCL(regexp {08:00:27} ${EVENT.LOG_PARAM_0})
if $t then
   config access-list add "block_mac" first port $(EVENT.LOG_PARAM_2)
endif
.

# mac-tracking configuration

configure fdb mac-tracking ports 1-2

configure log filter DefaultFilter add events FDB.MACTracking.MACAdd 
configure log filter DefaultFilter add events FDB.MACTracking.MACMove 
configure log filter DefaultFilter add events FDB.MACTracking.MACDel


# Module ems configuration.
#

create log filter block_mac
configure log filter block_mac add events FDB.MACTracking.MACAdd 
configure log filter block_mac add events FDB.MACTracking.MACMove 
create log target upm block_mac
configure log target upm block_mac filter block_mac
enable log target upm block_mac
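
Added example, not part of Matthew Helm's post or of Extreme's code: a Python sketch of the masked comparison that `mask FF:FF:FF:00:00:00` expresses in the ACL, next to the unanchored `regexp {08:00:27}` test from the profile, run over constructed MAC addresses. The function names are hypothetical, and it assumes the MAC arrives as six hex octets separated by `:` or `-`.

```python
import re

def mac_to_int(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into a 48-bit integer."""
    octets = re.split(r"[:-]", mac.strip())
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
        raise ValueError("not a MAC address: %r" % mac)
    return int("".join(octets), 16)

def acl_matches(mac, address="08:00:27:00:00:00", mask="FF:FF:FF:00:00:00"):
    """Masked compare, as in 'ethernet-source-address <address> mask <mask>'."""
    m = mac_to_int(mask)
    return (mac_to_int(mac) & m) == (mac_to_int(address) & m)

def profile_regexp_matches(mac, pattern="08:00:27"):
    """Unanchored search anywhere in the string, like regexp {08:00:27}."""
    return re.search(pattern, mac) is not None

def classify(macs):
    """Return (mac, acl_hit, regexp_hit) for each address."""
    return [(m, acl_matches(m), profile_regexp_matches(m)) for m in macs]

# Constructed sample addresses, not taken from any real network.
SAMPLE_MACS = [
    "08:00:27:12:34:56",  # OUI 08:00:27: ACL and regexp both match
    "00:01:13:aa:bb:cc",  # different OUI: neither matches
    "52:08:00:27:9a:01",  # pattern sits in octets 2-4: regexp only
    "08-00-27-12-34-56",  # hyphenated form: ACL compare only
]

if __name__ == "__main__":
    for mac, acl_hit, re_hit in classify(SAMPLE_MACS):
        print("%-18s acl=%-5s regexp=%s" % (mac, acl_hit, re_hit))
```

Where the two columns disagree, the profile's trigger and the ACL's match are not testing the same thing; passing `address="00:01:13:00:00:00"` to `acl_matches` checks the OUI from the original question.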

jeon min

Thanks for the example. Let's test it on the equipment.