- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- automating mac lockout
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-07-2009 09:52 AM
11-07-2009 09:52 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-09-2009 12:30 AM
11-09-2009 12:30 AM
Re: automating mac lockout
You can test by downloading the 60 day trial from the procurve website.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-09-2009 06:27 AM
11-09-2009 06:27 AM
Re: automating mac lockout
I have looked at the events entry but do not see anything that records the mac address of a device connecting to a switch. Is there a log file that shows more detailed information?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-09-2009 04:49 PM
11-09-2009 04:49 PM
Re: automating mac lockout
So in the case of NIM 2.0, you have several triggers like NBAD (Network Behavior Anomaly Detection), external IPS/IDS, or other applications which can be used to perform actions like Mac-lockout, rate limiting or configuring vlans.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-09-2009 08:26 PM
11-09-2009 08:26 PM
Re: automating mac lockout
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-10-2009 04:28 PM
11-10-2009 04:28 PM
Re: automating mac lockout
Reading: http://h40060.www4.hp.com/procurve/uk/en/pdfs/application-notes/AN-S16_ProCurve-NIM-policy-mgmt-final-093008.pdf
http://www.procurve.com/NR/rdonlyres/4C3E6B65-86EA-4436-AEED-ADCF4AA75EBB/0/NetworkImmunityManagerEventInterpretationTechBrief_Dec_07_WW_Eng_A4.pdf?jumpid=reg_R1002_USEN
If you clarify what your goal is, then we can search for a solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-11-2009 06:28 AM
11-11-2009 06:28 AM
Re: automating mac lockout
or, be able to automatically enable a port in a specified time period after the number of devices that can attach to a port has been exceeded.
Similar to specifying the number of devices that can attach to a switch port before an action is taken. Problem with this approach is I have to manually remove the flag and enable the port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-11-2009 12:05 PM
11-11-2009 12:05 PM
Solutionansw: at the moment a little complicated to create, but it should be possible in the future with a new enhanced scripting engine in PCM3. For now you can manual enable and disable mac lockout.
or, be able to automatically enable a port in a specified time period after the number of devices that can attach to a port has been exceeded.
answ: maybe port security can help with a continous learnmode of a number of max clients
switch (config)# port-security 1 address-limit 8 learnmode limited continuous
The 9th client will be disabled.
Similar to specifying the number of devices that can attach to a switch port before an action is taken. Problem with this approach is I have to manually remove the flag and enable the port.
answ: see response to your 2nd question
Maybe another idea is to use mac authentication. In this case only registered mac adresses are allowed and unwanted mac adresses can be moved to a policy with less bandwith and/or restricted resource availability. Like internet only. unknown adresses are handled in a separate part of the network or not granted for access.
Sietze
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
11-11-2009 12:38 PM
11-11-2009 12:38 PM
Re: automating mac lockout
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP