Aruba & ProVision-based
Showing results for 
Search instead for 
Did you mean: 

blocking a specific MAC address

Go to solution

blocking a specific MAC address



We are using ProCurve 2530s and E3800 as our core switch.


What I am wondering is how to block a specific MAC address?  As of right now we allow whatever to be plugged into a network port.  However, we have one user who moves from office to office regularly and we want to be able to block his personal hub. 


I have read the documentatio about allowing certain MAC addresses but what about blocking instead?



Trusted Contributor

Re: blocking a specific MAC address

Hello.  There is "lockout-mac":


HP-2920-48G(config)# lockout-mac help
Usage: [no] lockout-mac <MAC-ADDR>

Description: Lock out a MAC address. The switch drops all traffic to or from
             the locked out address.


HP-2920-48G(config)# lockout-mac 000203-000001

W 01/01/90 03:49:24 00594 maclock: 13: 000203-000001 detected on port 13
W 01/01/90 03:49:24 00595 maclock: 13: Ceasing lock-out logs for 5m



It's not very sophisticated and there are obvious ways around it, but it does what you were asking for.


Hope that help.


Re: blocking a specific MAC address

Thanks!  That will do nicely in this scenario.

Honored Contributor

Re: blocking a specific MAC address

Another option is to enable MAC security and to set the maximum MAC addresses allowed per port to 1.

port-security 1-48

learn-mode static

address-limit 1


So if somebody connects a hub, the hub will use the 1 available MAC address for the port so no further devices patched to the hub will get connectivity.


Re: blocking a specific MAC address



That is very cool!  Good to have that in my bag of tricks as well.