cancel
Showing results for 
Search instead for 
Did you mean: 

How to block through UPM ?

How to block through UPM ?

jeon_min
New Contributor II
I would like to log the port block and MAC address through the UPM through the Mac OUI. Thank you for the UPM setting example.
For example, if you want to block Mac OUI: 00-01-13,
Please.
7 REPLIES 7

OscarK
Extreme Employee
I think easiest method would be using UPM to act on an log event (like mac tracking events) and then add a dynamic ACL or blackhole fdb entry.

jeon_min
New Contributor II
Thanks for the example. Let's test it on the equipment.

Here is an example configuration that assumes the blocking ACL is created outside the UPM profile and is then applied by the UPM profile.

This example does not remove the ACL in response to a MAC deletion or move event. This might be something worth doing using a separate UPM profile.

This was tested using 22.1.1.5. Let me know if you have trouble with it or have questions.

## Module acl configuration.
#
create access-list block_mac " ethernet-source-address 08:00:27:00:00:00 mask FF:FF:FF:00:00:00 " " deny "

#
# Module upm configuration.
#
create upm profile block_mac
set var t $TCL(regexp {08:00:27} ${EVENT.LOG_PARAM_0})
if $t then
config access-list add "block_mac" first port $(EVENT.LOG_PARAM_2)
endif
.

# mac-tracking configuration

configure fdb mac-tracking ports 1-2

configure log filter DefaultFilter add events FDB.MACTracking.MACAdd
configure log filter DefaultFilter add events FDB.MACTracking.MACMove
configure log filter DefaultFilter add events FDB.MACTracking.MACDel

# Module ems configuration.
#

create log filter block_mac
configure log filter block_mac add events FDB.MACTracking.MACAdd
configure log filter block_mac add events FDB.MACTracking.MACMove
create log target upm block_mac
configure log target upm block_mac filter block_mac
enable log target upm block_mac

OscarK
Extreme Employee
This example mails the log event, but instead of mailing with the script, the script could do a CLI to block the mac.
https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/Python/Email_event

GTM-P2G8KFN