- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- blocking a specific MAC address
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2015 03:33 PM
10-23-2015 03:33 PM
Hi,
We are using ProCurve 2530s and E3800 as our core switch.
What I am wondering is how to block a specific MAC address? As of right now we allow whatever to be plugged into a network port. However, we have one user who moves from office to office regularly and we want to be able to block his personal hub.
I have read the documentatio about allowing certain MAC addresses but what about blocking instead?
TIA
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2015 08:05 PM
10-23-2015 08:05 PM
SolutionHello. There is "lockout-mac":
HP-2920-48G(config)# lockout-mac help
Usage: [no] lockout-mac <MAC-ADDR>
Description: Lock out a MAC address. The switch drops all traffic to or from
the locked out address.
HP-2920-48G(config)# lockout-mac 000203-000001
W 01/01/90 03:49:24 00594 maclock: 13: 000203-000001 detected on port 13
W 01/01/90 03:49:24 00595 maclock: 13: Ceasing lock-out logs for 5m
It's not very sophisticated and there are obvious ways around it, but it does what you were asking for.
Hope that help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-26-2015 08:56 AM
10-26-2015 08:56 AM
Re: blocking a specific MAC address
Thanks! That will do nicely in this scenario.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-26-2015 03:50 PM
10-26-2015 03:50 PM
Re: blocking a specific MAC address
Another option is to enable MAC security and to set the maximum MAC addresses allowed per port to 1.
port-security 1-48
learn-mode static
address-limit 1
So if somebody connects a hub, the hub will use the 1 available MAC address for the port so no further devices patched to the hub will get connectivity.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-26-2015 04:24 PM
10-26-2015 04:24 PM
Re: blocking a specific MAC address
Thanks!
That is very cool! Good to have that in my bag of tricks as well.
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP