ProCurve / ProVision-Based
cancel
Showing results for 
Search instead for 
Did you mean: 

blocking a specific MAC address

SOLVED
Go to solution
Tim Turay
Advisor

blocking a specific MAC address

Hi,

 

We are using ProCurve 2530s and E3800 as our core switch.

 

What I am wondering is how to block a specific MAC address?  As of right now we allow whatever to be plugged into a network port.  However, we have one user who moves from office to office regularly and we want to be able to block his personal hub. 

 

I have read the documentatio about allowing certain MAC addresses but what about blocking instead?

 

TIA

4 REPLIES
Michael Patmon
Trusted Contributor
Solution

Re: blocking a specific MAC address

Hello.  There is "lockout-mac":

 

HP-2920-48G(config)# lockout-mac help
Usage: [no] lockout-mac <MAC-ADDR>

Description: Lock out a MAC address. The switch drops all traffic to or from
             the locked out address.

 

HP-2920-48G(config)# lockout-mac 000203-000001

W 01/01/90 03:49:24 00594 maclock: 13: 000203-000001 detected on port 13
W 01/01/90 03:49:24 00595 maclock: 13: Ceasing lock-out logs for 5m

 

 

It's not very sophisticated and there are obvious ways around it, but it does what you were asking for.

 

Hope that help.

Tim Turay
Advisor

Re: blocking a specific MAC address

Thanks!  That will do nicely in this scenario.

Vince-Whirlwind
Honored Contributor

Re: blocking a specific MAC address

Another option is to enable MAC security and to set the maximum MAC addresses allowed per port to 1.

port-security 1-48

learn-mode static

address-limit 1

 

So if somebody connects a hub, the hub will use the 1 available MAC address for the port so no further devices patched to the hub will get connectivity.

Tim Turay
Advisor

Re: blocking a specific MAC address

Thanks!

 

That is very cool!  Good to have that in my bag of tricks as well.