03-01-2021 03:52 AM
Deny All Mac Except Allow List
Hi,
We have HP 5412Rzl2 Core and 2910 Access Switches and we need to deny all MAC addresses except those of domain-connected PCs and known devices. Is it possible to achieve this kind of setup?
Thanks.
03-02-2021 10:55 AM
Re: Deny All Mac Except Allow List
Hello,
There are different options to achieve this. Both switches support port-access options like 802.1x and mac-authentication. The port will only allow a device if 802.1x or MAC authentication using a RADIUS server is successful. If you use this option in user-based mode (specifying client limit) the port will allow traffic only from the MAC addresses of the authenticated devices. This is the most secure option (especially 802.1x) but it requires a RADIUS server and a user database like AD. You can find more details in the Access Security Guide (ASG) of your switch:
https://support.hpe.com/hpesc/public/docDisplay?docId=a00091309en_us
A simpler option is port-security. Port security maintains a list of allowed MAC addresses on a per-port basis. This list can be populated either dynamically or statically. You can specify different actions if an unauthorized MAC appears on the port: send alarm and disable it, only send alarm, or none. You can find more about port-security here or also in the ASG.
5406 supports MAC ACLs but this doesn't scale if you want to protect every single port of the switch.
Maybe local MAC authentication can also be an option if a RADIUS server is not available. It is also described in the ASG.
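
The static port-security option described in the reply above, as an added example that is not part of the original thread: a script that turns a per-port allow list into ProVision `port-security` lines with a statically populated list and a chosen violation action. The port names, MAC addresses and function names are constructed for illustration; check the generated syntax and the address limit your model accepts against the ASG before applying it.

```python
import re
from collections import defaultdict

# Constructed sample inventory: (switch port, MAC as exported by an asset tool).
INVENTORY = [
    ("A1", "00:11:22:33:44:55"),
    ("A1", "0011.2233.4466"),
    ("A2", "AA-BB-CC-DD-EE-01"),
    ("A2", "aa:bb:cc:dd:ee:01"),   # same device in another notation
    ("A3", "not-a-mac"),           # malformed entry, must be rejected
]

def normalize_mac(raw):
    """Return the MAC as xxxxxx-xxxxxx, or None if it is not a unicast MAC."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    if int(digits[:2], 16) & 1:    # multicast/broadcast bit set
        return None
    return digits[:6] + "-" + digits[6:]

def build_port_security(inventory, action="send-disable"):
    """Group MACs by port and emit one static port-security line per port."""
    if action not in ("none", "send-alarm", "send-disable"):
        raise ValueError("unknown action: " + action)
    allowed, rejected = defaultdict(list), []
    for port, raw in inventory:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append((port, raw))   # report, never silently allow
        elif mac not in allowed[port]:
            allowed[port].append(mac)      # de-duplicate across notations
    commands = []
    for port in sorted(allowed):
        macs = allowed[port]
        commands.append(
            "port-security {} learn-mode static address-limit {} "
            "mac-address {} action {}".format(port, len(macs), " ".join(macs), action)
        )
    return commands, rejected

if __name__ == "__main__":
    cmds, bad = build_port_security(INVENTORY)
    print("\n".join(cmds))
    for port, raw in bad:
        print("! skipped {}: {!r}".format(port, raw))
```

Ports that end up with no valid MAC get no line at all, so review the skipped entries before rollout rather than leaving those ports unprotected.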