Applying Extreme switch policy to block MAC address

Problem Description :

Can be used if need to block a MAC address from accessing network (OIIT abuse report, etc) arises.

Resolution :

Create/enable policy file (TELNET to switch)

1) edit policy policy_file_name

2) use vi commands to create policy using exampe below. Multple MACs can be in one file.

entry Block_MAC {

if {

ethernet-source-address 00:d0:59:15:49:40;

} then {

deny;

log;

}

3) After saving, should see file (ls command) named policy_file_name.pol

4) Enable policy with command

configure access-list "policy_file_name" ports <ports list>

configure access-list "policy_file_name" any (applies to all ports)

Disable policy file

1) enter command unconfigure access-list "policy_file_name" ingress

Refresh edited policy

1) enter command refresh policy policy_file_name

Check policy for errors

1) enter command check policy policy_file_name {access-list}

Show policies configured

1) enter command show access-list

Additional Rule Syntax - http://documentation.extremenetworks.com/exos/EXOS_All/ACL/c_match-conditions.shtml

http://documentation.extremenetworks.com/exos/EXOS_All/ACL/c_actions.shtml

Revision Date : 2/12/2016