Network Management

last person joined: yesterday 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

blacklist mac address

This thread has been viewed 11 times

  • 1.  blacklist mac address

    Posted Sep 20, 2018 09:36 PM

    Hey Guys,

     

    I have some teachers that are plugging in their personal machines into my network.  I have just installed Aruba 2530s and an Aruba 3810 at this site and am looking for a way to blackhole/blacklist them from a particular vlan given the mac address.  I come from using extreme where i was firmilar with how to blackhole the device, but i dont see anything so far on how to achieve this with Aruba.

     

    Thanks!



  • 2.  RE: blacklist mac address

    Posted Sep 21, 2018 08:23 AM

    Hi,

     

    globally on a switch you could use MAC Lockout. Butr that will lockout the client from all ports and VLANs. (see Access Security Guide, Configuring and Monitoring Port Security, MAC Lockout)

     

    On 3810 you could use MAC-ACLs. But as far as I know, this is available at 2540 and up.. so no choice on your 2530. (described also in Access Security Guide).

     

    Maybe someone else knows a solution for 2530...

     

    ---------------------------

     

    Different approach: If you can follow security best practices and use a whitelist approach, you wouldn't need to blacklist. Authenticate users / MAC addresses by using a RADIUS server and send back the VLAN, the user shall be assigned to.

    Better security, but of course a lot more effort...

     

    Regards, Jörg