This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

block mac address command in switch XOS CLI

block mac address command in switch XOS CLI

Bobby
New Contributor II

‎06-01-2017 11:55 AM

I took over an existing enterprise size extreme network, been getting already that people have threats basically sending to third world country IPs. There is not much on the GUI and been trying to hunt down the command to block the mac address in CLI. I do see that were is a blackhole vlan, Im guessing it needs to be put into that vlan. Any info helps thanks!
0 Kudos
4 REPLIES 4

Brian_Austin
Extreme Employee

‎06-01-2017 01:25 PM

Bobby,

it shouldn't matter if you make it ingress or egress however you should also be able to track down what port its coming in by using the command:

show iparp 01:00:5E:00:E0:F1

that way you can block the mac address at it's source instead of trying to catch it later in the network.
0 Kudos

Bobby
New Contributor II

‎06-01-2017 01:08 PM

sweet thanks!

Does it matter if its egress or ingress?
0 Kudos

Ty_Izzet
Extreme Employee

‎06-01-2017 01:01 PM

Bobby,

You could create an access list to block the offending MAC on a port or VLAN. The following is an example of the ACL:

entry block_MAC {
if {
ethernet-source-address
code:
01:00:5E:00:E0:F1
;
} then {
deny;
}
}

The following article explains how to create and apply the ACL to a port or VLAN:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS
0 Kudos

Mrxlazuardin
New Contributor III
In response to Ty_Izzet

‎06-01-2017 01:01 PM

Hi Taykin,

How will XOS process the MAC blocking by using ACL, CPU based or ASIC based? Using blackhole is processed by ASIC right? Unfortunately, I don't know how to use blackhole without specifying the VLAN or make it works to al VLANs.

Best regards,
0 Kudos
GTM-P2G8KFN