Simple MAC Filter

Post Reply
dstrait
Member
Posts: 3
Joined: 30 Jun 2017 17:28

Simple MAC Filter

Post by dstrait » 11 Jan 2019 15:03

I have several OS6450-10 switches out in the field. I am needing to lock these down so that only certain devices are allowed to link up, based off the MAC address. There are only 2-8 devices, depending on the location. Any device not on the ACL needs to be ignored. I have decided Radius is not the way to go, for various reasons.

What would be the quickest way to do this? I've done some reading on Port-Security, but have had issues trying to get it working.

silvio
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 1247
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Simple MAC Filter

Post by silvio » 12 Jan 2019 08:27

in this case there are two easy solutions: policy or vlan rule at mobile ports. With Portsecurity you fix the mac to specific ports.

1. Policy:
policy port group ACCESS ....
policy mac group MAC-OK ....
policy condition MAC-OK source port group ACCESS source mac group MAC-OK
policy condition MAC-NOK source port group ACCESS
policy action ALLOW
policy action DENY disposition ....
policy rule MAC-OK condition MAC-OK action ALLOW precedence 100
policy rule MAC-NOK condition MAC-NOK action DENY precedence 50
qos apply
OR 2:
vlan port mobile 1/1-8
vlan 99 name Quarantine
vlan 5 name Data
vlan 99 port default 1/1-8
vlan 5 mac ....
vlan 5 mac .... (for all the good MAC)

best regards
Silvio

Post Reply

Return to “OmniSwitch 6450”