Is there somehow to block mac address based on acl or other method on Enterasys S8?


I'm trying to block a certain mac address on my switch core (Enterasys S8) but until now I've no success.

I tried to use the "BlackHole" method:

set vlan create 999
set vlan name "BLACK HOLE"
set vlan dynamicegress 999 enable
set vlan association mac 00112233445566 999 <--repeat this for each banned MAC, where of course I'm using 00112233445566 as the example

But there is no command set vlan association on this switch.

So I was wondering if there is somehow to block that specific mac based on ACL or some other technique.

Best Regards,

Michel Braga Guimarães

1 reply

Userlevel 2
Hello Michel,

The best way to do this on the S-Series would be to use Policy. The following config should work to block any MAC address you specify.

set policy profile [profile_index] name [policy_name] pvid-status enable pvid 0
set policy rule admin-profile macsource [MAC address - xx-xx-xx-xx-xx-xx] mask 48 admin-pid [profile_index]

I hope this helps.

Best Regards,

Steve Geisser
Extreme GTAC

Reply