How to block through UPM?

  • 21 February 2017
  • 7 replies
  • 216 views

I would like to log the port block and MAC address through the UPM through the MAC OUI. Thank you for the UPM setting example.
For example, if you want to block MAC OUI: 00-01-13,
Please.


Userlevel 6
Hi Jeon,

Please clarify if you want to block a MAC address through UPM or log the event that a MAC address is blocked.
If you want to log the event, please provide information about how the MAC address is blocked. Is it through an ACL?

Looking forward to your answers!
I am trying to block MAC addresses from the MAC OUI 00-01-13 (ex: MAC address OUI). The workaround is to display the logged port information and MAC address of the blocked devices through UPM scripting.
Userlevel 6
I think the easiest method would be using UPM to act on a log event (like MAC tracking events) and then add a dynamic ACL or blackhole FDB entry.
May I ask you to give me a sample of what to do with your MAC tracking UPM configuration?
Userlevel 6
This example mails the log event, but instead of mailing with the script, the script could do a CLI to block the MAC.
https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/Python/Email_event
Userlevel 4
Here is an example configuration that assumes the blocking ACL is created outside the UPM profile and is then applied by the UPM profile.

This example does not remove the ACL in response to a MAC deletion or move event. This might be something worth doing using a separate UPM profile.

This was tested using 22.1.1.5. Let me know if you have trouble with it or have questions.

#
# Module acl configuration.
#
create access-list block_mac " ethernet-source-address 08:00:27:00:00:00 mask FF:FF:FF:00:00:00 " " deny "

#
# Module upm configuration.
#
create upm profile block_mac
set var t $TCL(regexp {08:00:27} ${EVENT.LOG_PARAM_0})
if $t then
config access-list add "block_mac" first port $(EVENT.LOG_PARAM_2)
endif
.

# mac-tracking configuration

configure fdb mac-tracking ports 1-2

configure log filter DefaultFilter add events FDB.MACTracking.MACAdd
configure log filter DefaultFilter add events FDB.MACTracking.MACMove
configure log filter DefaultFilter add events FDB.MACTracking.MACDel

# Module ems configuration.
#

create log filter block_mac
configure log filter block_mac add events FDB.MACTracking.MACAdd
configure log filter block_mac add events FDB.MACTracking.MACMove
create log target upm block_mac
configure log target upm block_mac filter block_mac
enable log target upm block_mac
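
An added example in Python (not part of the thread and not Extreme's code): it compares the address/mask match that the block_mac ACL performs with the unanchored regexp the UPM profile uses as its trigger, and builds the address/mask pair for an OUI written like 00-01-13. It assumes EVENT.LOG_PARAM_0 carries the MAC as colon-separated text; all function names are hypothetical and the sample MACs are constructed.

```python
import re

SEPARATORS = re.compile(r"[:\-.]")

def mac_to_int(mac):
    """Parse a 48-bit MAC written with ':', '-' or '.' separators (or none)."""
    digits = SEPARATORS.sub("", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def oui_rule(oui):
    """Turn a 3-byte OUI such as '00-01-13' into an (address, mask) pair."""
    digits = SEPARATORS.sub("", oui.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{6}", digits):
        raise ValueError(f"not a 3-byte OUI: {oui!r}")
    octets = [digits[i:i + 2] for i in (0, 2, 4)]
    return ":".join(octets + ["00"] * 3), "ff:ff:ff:00:00:00"

def acl_matches(src_mac, address, mask):
    """Masked comparison, as in 'ethernet-source-address A mask M'."""
    m = mac_to_int(mask)
    return (mac_to_int(src_mac) & m) == (mac_to_int(address) & m)

def trigger_matches(logged_mac, pattern):
    """Unanchored search, the behaviour of Tcl 'regexp {pattern} string'."""
    return re.search(pattern, logged_mac) is not None

def compare(oui, logged_macs):
    """Per MAC: (mac, unanchored trigger, anchored trigger, ACL match)."""
    address, mask = oui_rule(oui)
    prefix = address[:8]  # first three octets, e.g. '08:00:27'
    return [(mac,
             trigger_matches(mac, prefix),
             trigger_matches(mac, "^" + prefix),
             acl_matches(mac, address, mask))
            for mac in logged_macs]

# Constructed sample values, not taken from a real switch log.
SAMPLE_MACS = ["08:00:27:12:34:56", "aa:bb:08:00:27:cc", "00:01:13:aa:bb:cc"]

if __name__ == "__main__":
    for row in compare("08:00:27", SAMPLE_MACS):
        print("%-18s unanchored=%-5s anchored=%-5s acl=%s" % row)
```

The second sample shows the unanchored trigger firing for a station whose OUI is different, so the ACL would be bound to that port without matching that station's traffic; anchoring the pattern keeps the trigger and the ACL mask in agreement.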
Thanks for the example. Let's test it on the equipment.