Locking a device to a specific port
‎08-02-2018 01:39 PM
We have a customer who wants to lock specific MAC addresses to specific ports as a form of location tracking.
They want 10:20:30:40:50:ab to only be able to connect to ABC MDF port 1:1.
Is there a way to accomplish this in XOS on X460s and X440s?
Does any vendor support something like this? Not looking to sell another product, but hoping I can say the desired behavior is not an option on any vendor's equipment.
As I currently understand it, MAC locking does not work that way. I believe it works more like the example provided below.
10:20:30:40:50:ab is the only MAC allowed on ABC MDF port 1:1
10:20:30:40:50:ab is still able to connect to ABC IDF-1 port 2:2
14 REPLIES
‎08-03-2018 09:55 AM
In addition the below can also be very suitable for dropping all the other packets except the static fdb.
disable learning drop-packets ports 1
drop-packets Drop packets with unknown source MAC addresses
‎08-03-2018 09:49 AM
Hi David,
This may suit the requirement but needs a lot of manual configuration, please test and see if this helps.
create fdb 10:20:30:40:50:ab vlan "phone" ports 1
disable learning ports 1
https://documentation.extremenetworks.com/exos_commands_22.1/exos_21_1/exos_commands_all/r_disable-l...
‎08-03-2018 09:49 AM
I've tried it and that looks like it could work on the same switch = static > dynamic learning, but what about in a network with more than 1 switch?
e.g. create the static entry on switch#1 but connect the device to switch#3.
In that case switch#3 uses the dynamic learned local MAC and not what was learned via the trunk to switch #1.
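An audit for the multi-switch case raised above, as an added example that is not part of the original thread: it takes forwarding-table observations from every switch and reports a pinned MAC learned on any edge port other than its assigned one, plus any other MAC seen on a pinned port. The uplink ports (1:48, 2:48), the tuple input format and all sample entries are constructed assumptions; the script reports violations and does not enforce anything on the switch.

```python
import re

# Constructed policy: each pinned MAC and the single (switch, port) it may use.
PINNED = {"10:20:30:40:50:ab": ("ABC MDF", "1:1")}

# Constructed inventory of inter-switch trunk ports, where any MAC may be
# learned legitimately because frames transit these links.
UPLINKS = {("ABC MDF", "1:48"), ("ABC IDF-1", "2:48")}

# Constructed forwarding-table observations as (switch, port, mac) tuples,
# however they were collected. MAC notation varies by source.
OBSERVED = [
    ("ABC MDF", "1:1", "10:20:30:40:50:AB"),
    ("ABC IDF-1", "2:48", "1020.3040.50ab"),
    ("ABC IDF-1", "2:2", "10-20-30-40-50-ab"),
    ("ABC MDF", "1:1", "00:11:22:33:44:55"),
]

def normalize_mac(raw):
    """Return a MAC as lowercase colon-separated hex, whatever the input notation."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(observed, pinned, uplinks):
    """Return findings as (kind, switch, port, mac) tuples."""
    pinned = {normalize_mac(m): loc for m, loc in pinned.items()}
    pinned_ports = {loc: mac for mac, loc in pinned.items()}
    findings = []
    for switch, port, raw in observed:
        mac, here = normalize_mac(raw), (switch, port)
        if here in uplinks:
            continue  # learned over a trunk, not where the device is plugged in
        if mac in pinned and pinned[mac] != here:
            findings.append(("moved", switch, port, mac))  # pinned MAC on wrong edge port
        elif here in pinned_ports and pinned_ports[here] != mac:
            findings.append(("foreign", switch, port, mac))  # other MAC on a pinned port
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED, PINNED, UPLINKS):
        print(*finding)
```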
‎08-03-2018 09:49 AM
That doesn't prevent the user from plugging the device into port#2, which is what the customer requires - right?!
