This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to block through UPM ?

How to block through UPM ?

jeon_min
New Contributor II

‎02-20-2017 11:21 PM

I would like to log the port block and MAC address through the UPM through the Mac OUI. Thank you for the UPM setting example.
For example, if you want to block Mac OUI: 00-01-13,
Please.
0 Kudos
7 REPLIES 7

OscarK
Extreme Employee

‎02-21-2017 05:32 AM

I think easiest method would be using UPM to act on an log event (like mac tracking events) and then add a dynamic ACL or blackhole fdb entry.
0 Kudos

jeon_min
New Contributor II
In response to OscarK

‎02-21-2017 05:32 AM

Thanks for the example. Let's test it on the equipment.
0 Kudos

Matthew_Helm1
Extreme Employee
In response to OscarK

‎02-21-2017 05:32 AM

Here is an example configuration that assumes the blocking ACL is created outside the UPM profile and is then applied by the UPM profile.

This example does not remove the ACL in response to a MAC deletion or move event. This might be something worth doing using a separate UPM profile.

This was tested using 22.1.1.5. Let me know if you have trouble with it or have questions.

## Module acl configuration.
#
create access-list block_mac " ethernet-source-address 08:00:27:00:00:00 mask FF:FF:FF:00:00:00 " " deny "

#
# Module upm configuration.
#
create upm profile block_mac
set var t $TCL(regexp {08:00:27} ${EVENT.LOG_PARAM_0})
if $t then
config access-list add "block_mac" first port $(EVENT.LOG_PARAM_2)
endif
.

# mac-tracking configuration

configure fdb mac-tracking ports 1-2

configure log filter DefaultFilter add events FDB.MACTracking.MACAdd
configure log filter DefaultFilter add events FDB.MACTracking.MACMove
configure log filter DefaultFilter add events FDB.MACTracking.MACDel

# Module ems configuration.
#

create log filter block_mac
configure log filter block_mac add events FDB.MACTracking.MACAdd
configure log filter block_mac add events FDB.MACTracking.MACMove
create log target upm block_mac
configure log target upm block_mac filter block_mac
enable log target upm block_mac
0 Kudos

OscarK
Extreme Employee
In response to OscarK

‎02-21-2017 05:32 AM

This example mails the log event, but instead of mailing with the script, the script could do a CLI to block the mac.
https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/Python/Email_event

0 Kudos
GTM-P2G8KFN