03-01-2021 03:52 AM
Deny All Mac Except Allow List
Hi,
We have HP 5412Rzl2 Core and 2910 Access Switches and we need to deny all the MAC addresses except all domain-connected PCs and known devices. Is it possible to achieve this kind of setup?
Thanks.
03-02-2021 10:55 AM
Re: Deny All Mac Except Allow List
Hello,
There are different options to achieve this. Both switches support port-access options like 802.1x and mac-authentication. The port will only allow a device if 802.1x or MAC authentication using a RADIUS server is successful. If you use this option in user-based mode (specifying client limit) the port will allow traffic only from the MAC addresses of the authenticated devices. This is the most secure option (especially 802.1x) but it requires a RADIUS server and a user database like AD. You can find more details in the Access Security Guide (ASG) of your switch:
https://support.hpe.com/hpesc/public/docDisplay?docId=a00091309en_us
A simpler option is port-security. Port security maintains a list of allowed MAC addresses on a per-port basis. This list can be populated either dynamically or statically. You can specify different actions if an unauthorized MAC appears on the port: send an alarm and disable it, only send an alarm, or none. You can find more about port-security here or also in the ASG.
5406 supports MAC ACLs but this doesn't scale if you want to protect every single port of the switch.
Maybe local MAC authentication can also be an option if a RADIUS server is not available. It is also described in the ASG.
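
The port-security option from the reply above, as an added example (not part of the original posts and not HPE code): a Python helper that turns a per-port allow list into `port-security` commands, normalizing MAC notation and rejecting entries that cannot be host addresses. The port numbers and MACs are constructed, and the `learn-mode configured` form and the 8-address limit are assumptions to confirm against the ASG for your switch.

```python
import re

MAX_ADDRS_PER_PORT = 8  # assumed per-port limit; confirm in the ASG for your switch
ACTIONS = ("none", "send-alarm", "send-disable")  # the three actions named in the reply


def normalize_mac(raw):
    """Return a MAC as xxxxxx-xxxxxx, or raise ValueError if it cannot be a host address."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    # The lowest bit of the first octet marks group (multicast/broadcast) addresses.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group address is not valid for a host: {raw!r}")
    return f"{digits[:6]}-{digits[6:]}"


def build_port_security(allow_list, action="send-disable"):
    """Turn {port: [mac, ...]} into one port-security command per port."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    commands = []
    for port, macs in allow_list.items():
        unique = []
        for raw in macs:
            mac = normalize_mac(raw)
            if mac not in unique:  # same device written in two notations
                unique.append(mac)
        if not 1 <= len(unique) <= MAX_ADDRS_PER_PORT:
            raise ValueError(
                f"port {port}: {len(unique)} addresses, need 1..{MAX_ADDRS_PER_PORT}")
        commands.append(
            f"port-security {port} learn-mode configured "
            f"address-limit {len(unique)} mac-address {' '.join(unique)} "
            f"action {action}")
    return commands


# Constructed inventory: port names and MAC addresses are made up for illustration.
SAMPLE_ALLOW_LIST = {
    "1": ["00:11:22:AA:BB:01"],
    "2": ["0011.22aa.bb02", "00-11-22-aa-bb-03", "001122-AABB03"],
}

if __name__ == "__main__":
    print("\n".join(build_port_security(SAMPLE_ALLOW_LIST)))
```

Review the generated lines before pasting them into the switch configuration, and start with `send-alarm` on a few ports if you want to see what would be blocked before any port is disabled.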