- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: lockout-mac issues
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2009 10:26 AM
тАО06-23-2009 10:26 AM
lockout-mac issues
I have a rogue dhcp device that keeps connecting to my network and issuing bogus IP addresses. To prevent this, I issued the lockout-mac command on a set of switches. The device was connected again today and started issuing IP addresses. This is on the HP 2810 models.
After this occured, I checked the logs and it logged the mac adddress but it didn't block or lock it out.
I decided to set up a test switch to test this command because it's not doing what I'm thinking it's suppose to do.
The security and access documentation explains that if a device who mac address is listed as a lockout-mac device, the traffic to and from that device is discarded.
In my test, I added my laptop mac address to my test switch. (lockout-mac XX:XX:XX:XX:XX:XX)
When I connected my laptop to the switch, I recieve the following in the logs...
"W 06/23/09 12:27:38 maclock: backplane: Ceasing lock-out logs for 1h
W 06/23/09 12:27:38 maclock: backplane: 001f29-9fe234 detected on port 33
W 06/23/09 12:22:19 maclock: backplane: Ceasing lock-out logs for 5m
W 06/23/09 12:22:19 maclock: backplane: 001f29-9fe234 detected on port 33
I 06/23/09 12:22:15 ports: port 33 is now on-line"
I see that it detects the mac address and then it ceases the logs but doesn't lockout the device. After I plug it in, the latop still recieved an IP address and was able to communicate on the network. I also had a contious ping setup to verfy the communication.
If I unplug the device and connect it again, nothing about the mac address is logged. I believe this has to do with the ceasingof the logs and it does it in 5 mins, 1 hour, 1 day if the mac is still connected.
Anyways, my main concern is why is my laptop still able to communicate if it's "supposed" to be lock out or blocked?
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-24-2009 03:32 AM
тАО06-24-2009 03:32 AM
Re: lockout-mac issues
The strange thing is that I don't see anything in the log, but my ping times out as soon as i add the rule. (and replys as soon as i remove it).
Witch firmware are you running?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-24-2009 04:50 AM
тАО06-24-2009 04:50 AM
Re: lockout-mac issues
It's at N11.15. According to PCM, this is the most currently unless a new release was put out within the last week or so.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-24-2009 05:33 AM
тАО06-24-2009 05:33 AM
Re: lockout-mac issues
Thanks for your input!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-24-2009 05:33 AM
тАО06-24-2009 05:33 AM