block mac address command in switch XOS CLI


I took over an existing enterprise-size Extreme network, been getting already that people have threats basically sending to third world country IPs. There is not much on the GUI and been trying to hunt down the command to block the MAC address in CLI. I do see that there is a blackhole VLAN, I'm guessing it needs to be put into that VLAN. Any info helps, thanks!

4 replies

Userlevel 5
Bobby,

You could create an access list to block the offending MAC on a port or VLAN. The following is an example of the ACL:

entry block_MAC {
    if {
        ethernet-source-address 01:00:5E:00:E0:F1;
    } then {
        deny;
    }
}

The following article explains how to create and apply the ACL to a port or VLAN:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS
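
When several offending MACs have to be blocked, the policy file can be generated rather than typed by hand, one entry per address in the syntax of the reply above. This is an added example, not part of the original posts or of Extreme's documentation; the function names, the numbered entry names (`block_MAC_1`, ...) and the sample input are assumptions.

```python
import re

# Accepted input notations: colon- or hyphen-separated octets (one separator
# used consistently), dotted groups of four, or 12 bare hex digits.
_FORMS = (
    re.compile(r"[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}"),
    re.compile(r"[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2}"),
    re.compile(r"[0-9A-Fa-f]{12}"),
)


def normalize_mac(raw):
    """Return the MAC as uppercase colon-separated octets, or raise ValueError."""
    text = raw.strip()
    if not any(form.fullmatch(text) for form in _FORMS):
        raise ValueError(f"not a valid MAC address: {raw!r}")
    digits = re.sub(r"[:.-]", "", text).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_policy(macs, prefix="block_MAC"):
    """Build policy text with one deny entry per distinct MAC.

    Entry names are the prefix plus a counter (an assumption of this example)
    so that each entry in the file has a unique name.
    """
    distinct = []
    for raw in macs:
        mac = normalize_mac(raw)       # malformed input stops the build
        if mac not in distinct:        # same MAC in another notation is a duplicate
            distinct.append(mac)
    entries = []
    for n, mac in enumerate(distinct, start=1):
        entries.append(
            f"entry {prefix}_{n} {{\n"
            f"    if {{\n"
            f"        ethernet-source-address {mac};\n"
            f"    }} then {{\n"
            f"        deny;\n"
            f"    }}\n"
            f"}}\n"
        )
    return "\n".join(entries)


if __name__ == "__main__":
    # Constructed sample input: the MAC from the reply above in two notations,
    # plus one address from the documentation range (00:00:5E:00:53:xx).
    sample = ["01:00:5E:00:E0:F1", "0100.5e00.e0f1", "00-00-5e-00-53-0a"]
    print(build_policy(sample))
```
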
Userlevel 2
Ty Izzet wrote:

Bobby,

You could create an access list to block the offending MAC on a port or VLAN. The following is an example of the ACL:

entry block_MAC {
    if {
        ethernet-source-address 01:00:5E:00:E0:F1;
    } then {
        deny;
    }
}

The following article explains how to create and apply the ACL to a port or VLAN:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS

Hi Taykin,

How will XOS process the MAC blocking by using ACL, CPU based or ASIC based? Using blackhole is processed by ASIC, right? Unfortunately, I don't know how to use blackhole without specifying the VLAN or make it work for all VLANs.

Best regards,

Sweet, thanks!

Does it matter if it's egress or ingress?
Userlevel 2
Bobby,

It shouldn't matter if you make it ingress or egress; however, you should also be able to track down what port it's coming in on by using the command:

show iparp 01:00:5E:00:E0:F1

That way you can block the MAC address at its source instead of trying to catch it later in the network.
