cancel
Showing results for 
Search instead for 
Did you mean: 

Locking a device to a specific port

Locking a device to a specific port

davidj_cogliane
Contributor
We have a customer who wants to lock specific MAC addresses to specific ports as a form of location tracking.
They want 10:20:30:40:50:ab to only be able to connect to ABC MDF port 1:1.
Is there a way to accomplish this in XOS on X460s and X440s?

Does any vendor support something like this? Not looking to sell another product, but hoping I can say the desired behavior is not an option on any vendors equipment.

As I currently understand it MAC locking does not work that way. I believe it works more like the example provided below.
10:20:30:40:50:ab is the only MAC allowed on ABC MDF port 1:1

10:20:30:40:50:ab is still able to connect to ABC IDF-1 port 2:2
14 REPLIES 14

Karthik_Mohando
Extreme Employee
In addition the below can also be very suitable for dropping all the other packets except the static fdb.
disable learning drop-packets ports 1
drop-packets Drop packets with unknown source MAC addresses

Karthik_Mohando
Extreme Employee
Hi David,

This may suit the requirement but needs a lot of manual configuration, please test and see if this helps.

create fdb 10:20:30:40:50:ab vlan "phone" ports 1
disable learning ports 1

https://documentation.extremenetworks.com/exos_commands_22.1/exos_21_1/exos_commands_all/r_disable-l...

I've tried it and that looks like it could work on the same switch = static > dynamic learning but what about in a network with more then 1 switch.

e.g. create the static entry on switch#1 but connect the device to switch#3.
In that case switch#3 uses the dynamic learned local MAC and not what was learned via the trunk to switch #1.

That doens't prevent the user to plug the device to port#2 which is what the customer requires - right ?!
GTM-P2G8KFN