HPE Community
Switches, Hubs, and Modems
1752806 Members
5825 Online
108789 Solutions
New Discussion юеВ

Re: lockout-mac issues

 
KSimpson
Frequent Advisor

тАО06-23-2009 10:26 AM

тАО06-23-2009 10:26 AM

lockout-mac issues

Hello all,

I have a rogue dhcp device that keeps connecting to my network and issuing bogus IP addresses. To prevent this, I issued the lockout-mac command on a set of switches. The device was connected again today and started issuing IP addresses. This is on the HP 2810 models.

After this occured, I checked the logs and it logged the mac adddress but it didn't block or lock it out.

I decided to set up a test switch to test this command because it's not doing what I'm thinking it's suppose to do.

The security and access documentation explains that if a device who mac address is listed as a lockout-mac device, the traffic to and from that device is discarded.

In my test, I added my laptop mac address to my test switch. (lockout-mac XX:XX:XX:XX:XX:XX)
When I connected my laptop to the switch, I recieve the following in the logs...

"W 06/23/09 12:27:38 maclock: backplane: Ceasing lock-out logs for 1h
W 06/23/09 12:27:38 maclock: backplane: 001f29-9fe234 detected on port 33
W 06/23/09 12:22:19 maclock: backplane: Ceasing lock-out logs for 5m
W 06/23/09 12:22:19 maclock: backplane: 001f29-9fe234 detected on port 33
I 06/23/09 12:22:15 ports: port 33 is now on-line"


I see that it detects the mac address and then it ceases the logs but doesn't lockout the device. After I plug it in, the latop still recieved an IP address and was able to communicate on the network. I also had a contious ping setup to verfy the communication.

If I unplug the device and connect it again, nothing about the mac address is logged. I believe this has to do with the ceasingof the logs and it does it in 5 mins, 1 hour, 1 day if the mac is still connected.

Anyways, my main concern is why is my laptop still able to communicate if it's "supposed" to be lock out or blocked?

Thanks,
0 Kudos
4 REPLIES 4
SjoerdvW
Advisor

тАО06-24-2009 03:32 AM

тАО06-24-2009 03:32 AM

Re: lockout-mac issues

Tested this on a Procurve 2810-24G.
The strange thing is that I don't see anything in the log, but my ping times out as soon as i add the rule. (and replys as soon as i remove it).

Witch firmware are you running?
0 Kudos
KSimpson
Frequent Advisor

тАО06-24-2009 04:50 AM

тАО06-24-2009 04:50 AM

Re: lockout-mac issues



It's at N11.15. According to PCM, this is the most currently unless a new release was put out within the last week or so.

0 Kudos
KSimpson
Frequent Advisor

тАО06-24-2009 05:33 AM

тАО06-24-2009 05:33 AM

Re: lockout-mac issues

Apparently, something wasn't configured correctly. I've tried it again this morning on a 2810 and a 2650. The 2810 did exactly what you expereinced plus one log entry. The 2650 seems to have issues with this command as it allows icmp traffic trhough.

Thanks for your input!

0 Kudos
KSimpson
Frequent Advisor

тАО06-24-2009 05:33 AM

тАО06-24-2009 05:33 AM

Re: lockout-mac issues

Closed.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.