Solved: blocking a specific MAC address

Tim Turay · ‎10-23-2015

Hi,

We are using ProCurve 2530s and E3800 as our core switch.

What I am wondering is how to block a specific MAC address? As of right now we allow whatever to be plugged into a network port. However, we have one user who moves from office to office regularly and we want to be able to block his personal hub.

I have read the documentatio about allowing certain MAC addresses but what about blocking instead?

TIA

Michael Patmon · ‎10-23-2015

Hello. There is "lockout-mac":

HP-2920-48G(config)# lockout-mac help
Usage: [no] lockout-mac <MAC-ADDR>

Description: Lock out a MAC address. The switch drops all traffic to or from
the locked out address.

HP-2920-48G(config)# lockout-mac 000203-000001

W 01/01/90 03:49:24 00594 maclock: 13: 000203-000001 detected on port 13
W 01/01/90 03:49:24 00595 maclock: 13: Ceasing lock-out logs for 5m

It's not very sophisticated and there are obvious ways around it, but it does what you were asking for.

Hope that help.

Tim Turay · ‎10-26-2015

Thanks! That will do nicely in this scenario.

Vince-Whirlwind · ‎10-26-2015

Another option is to enable MAC security and to set the maximum MAC addresses allowed per port to 1.

port-security 1-48

learn-mode static

address-limit 1

So if somebody connects a hub, the hub will use the 1 available MAC address for the port so no further devices patched to the hub will get connectivity.

Tim Turay · ‎10-26-2015

Thanks!

That is very cool! Good to have that in my bag of tricks as well.

blocking a specific MAC address

blocking a specific MAC address

Re: blocking a specific MAC address

Re: blocking a specific MAC address

Re: blocking a specific MAC address

Re: blocking a specific MAC address

Hewlett Packard Enterprise International