Header Only - DO NOT REMOVE - Extreme Networks

How to block specified MAC on B5


Hi, I have B5's working with NetSight 5. It is possible to block specified devices (by MAC) on ethernet port? Due to authentication quantity restrictions of devices (4) I must restrict some unnecessary devices on one port.

7 replies

Userlevel 2
There are several solutions available. Our Network Access Control solution allows you to lock a mac to a specific port, preventing it from roaming elsewhere on the network. MAC Locking is available to lock specific MACs to a port and set the amount of MACs allowed to a specific number. Managing MAC locking is done via our Policy Manager application and a video is currently being produced to demonstrate the feature and it's capability. Our policy solution provides for a policy role to be applied to a port that will allow you to specify a MAC address to be blocked on that port. Below is a link to our youtube video which goes over a basic Policy Manager implementation: http://www.youtube.com/watch?v=2UkXuoMPbrU&list=PL4A31CD3CEF34A7B3 You may want to contact our GTAC or open an on-line case for further discussion of which solution would work best for you.
Userlevel 2
When Mac Locking is enabled at the port level there are two settings to be concerned about. The first is the number of dynamically locked Mac addresses. The default setting of 600 in Policy Manager allows up to 600 MAC addresses to come into the port as "First Arrival" addresses. These may be moved to static by a single button push or by manually adding them to the table. Once you've learned all the mac addresses that you want on a port and have pushed them to Static, you can set dynamic to zero. Once the zero value is applied, this will only allow the statically locked macs on the port. Any others that try to come in will not be learned and their traffic discarded. The other setting is the number of statically locked MAC addresses allowed on this device type and the range is controlled through the port properties screen. We expect our video to be up on youtube within 24 hours to demonstrate this functionality and showing the screens where these settings are configured. A MAC address should only show up once in the Locked Mac Address table. Please make sure that both your firmware and Netsight versions are up to date. If they are and the problem persists, we'll want to pursue this behavior further via a GTAC case.
Userlevel 2
As discussed, here's the link to the MAC locking video now up on YouTube;

http://youtu.be/SHZV1nvNarM
My doubts stemmed from a misunderstanding of the NetSight Help.
The feature name "LOCK" suggests that everything on the list is LOCKED, but it is exactly the opposite: listed MAC addresses are allowed and not listed are rejected.
Thomas, thank you for your help.
hello the VIDEO it is not avalaible, I need to block an speficif MAC addres in a B3 a C3 Enterasys Swicht. Please can you re-upload de video or tell me the command to filter it ?

Thanks
Userlevel 4
Apologies for the broken link.
The video "
code:

How to Configure Mac Locking with Policy Manager

" is now located at
https://www.youtube.com/watch?v=c0HF0WSQ3zA&list=PLvQMiI4QwvHQwOaZg76o0s3b4y_pFj3kj&index=1.

Reply