How to block through UPM?
‎02-20-2017 11:21 PM
I would like to log the port block and MAC address through the UPM through the Mac OUI. Thank you for the UPM setting example.
For example, if you want to block Mac OUI: 00-01-13,
Please.
‎02-21-2017 05:32 AM
I think the easiest method would be using UPM to act on a log event (like MAC tracking events) and then add a dynamic ACL or blackhole FDB entry.
‎02-21-2017 05:32 AM
Thanks for the example. Let's test it on the equipment.
‎02-21-2017 05:32 AM
Here is an example configuration that assumes the blocking ACL is created outside the UPM profile and is then applied by the UPM profile.
This example does not remove the ACL in response to a MAC deletion or move event. This might be something worth doing using a separate UPM profile.
This was tested using 22.1.1.5. Let me know if you have trouble with it or have questions.
#
# Module acl configuration.
#
create access-list block_mac " ethernet-source-address 08:00:27:00:00:00 mask FF:FF:FF:00:00:00 " " deny "
#
# Module upm configuration.
#
create upm profile block_mac
set var t $TCL(regexp {08:00:27} ${EVENT.LOG_PARAM_0})
if $t then
config access-list add "block_mac" first port $(EVENT.LOG_PARAM_2)
endif
.
# mac-tracking configuration
configure fdb mac-tracking ports 1-2
configure log filter DefaultFilter add events FDB.MACTracking.MACAdd
configure log filter DefaultFilter add events FDB.MACTracking.MACMove
configure log filter DefaultFilter add events FDB.MACTracking.MACDel
# Module ems configuration.
#
create log filter block_mac
configure log filter block_mac add events FDB.MACTracking.MACAdd
configure log filter block_mac add events FDB.MACTracking.MACMove
create log target upm block_mac
configure log target upm block_mac filter block_mac
enable log target upm block_mac
‎02-21-2017 05:32 AM
This example mails the log event, but instead of mailing with the script, the script could do a CLI to block the mac.
https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/Python/Email_event
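Added example, not code from any poster in this thread or from the linked repository: the check a script would make before issuing the CLI, showing that an unanchored test like the profile's `regexp {08:00:27}` also matches addresses that only contain those bytes, and matching on the first three octets instead. The OUI-to-ACL table, the function names, the `block_000113` ACL name, the sample events, and the MAC and port text formats are assumptions for illustration.

```python
import re

# Assumptions: the event carries the MAC as text in colon, dash or dotted
# notation, and the port as "N" or "slot:N". All names here are hypothetical.
OUI_TO_ACL = {
    "080027": "block_mac",      # OUI and ACL name from the reply above
    "000113": "block_000113",   # OUI from the question; ACL name is made up
}

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC."""
    digits = re.sub(r"[:.\-]", "", text.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def acl_for(mac_text):
    """ACL name when the FIRST three octets are a listed OUI, else None."""
    mac = normalize_mac(mac_text)
    return OUI_TO_ACL.get(mac[:6]) if mac else None

def unanchored_match(mac_text, pattern="08:00:27"):
    """Same test as `regexp {08:00:27}`: true if the bytes appear anywhere."""
    return re.search(pattern, mac_text) is not None

def block_command(mac_text, port):
    """CLI line to apply the ACL, or None if no block applies."""
    acl = acl_for(mac_text)
    # Only a plain port identifier may reach the command line.
    if acl is None or not re.fullmatch(r"\d+(:\d+)?", port):
        return None
    return 'configure access-list add "%s" first port %s' % (acl, port)

# Constructed sample events: (MAC as logged, port).
SAMPLES = [
    ("08:00:27:AB:CD:EF", "1"),    # OUI match
    ("00:11:08:00:27:99", "2"),    # same bytes mid-address: not this OUI
    ("00-01-13-AA-BB-CC", "1:4"),  # dash notation, stack port
    ("not-a-mac", "2"),
]

def evaluate(samples=SAMPLES):
    """(mac, unanchored regexp result, command or None) per sample."""
    return [(m, unanchored_match(m), block_command(m, p)) for m, p in samples]

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

In a UPM profile the same effect comes from anchoring the pattern at the start of the MAC parameter, provided the logged MAC format is confirmed on the switch first.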