I have an Alcatel switch running OS8, and I want to restrict access to specific MAC addresses per port. My goal is to create a list of allowed MAC addresses on a given port so that only these devices can connect.
I tried using the following commands:
port-security port 1/1/1 admin-state enable
port-security port 1/1/1 maximum 3
port-security port 1/1/1 max-filtering 0
port-security port 1/1/1 violation shutdown
But I noticed that the command to manually assign MAC addresses, such as:
port-security port 1/1/1 mac 00:11:22:33:44:55 vlan 1
does not exist.
I also saw that mac-range is available, but my MAC addresses are not consecutive, so I can’t use it.
How can I manually define multiple specific MAC addresses per port? Is there another method to achieve this on OS8?
That’s weird! The command “port-security port 1/1/1 mac 22:22:22:22:22:22 vlan 123” does exist:
-> port-security port 1/1/1 m
mac mac-range max-filtering maximum
-> port-security port 1/1/1 mac mac-address
-> port-security port 1/1/1 mac 22:22:22:22:22:22 vlan vlan
As for the range, you can have a total of 8 ranges per port with:
port-security port 1/1/4 mac-range low 12:34:56:00:00:00 high 12:34:56:ff:ff:ff
Try upgrading it to the latest version, then.
EDIT:
If that doesn’t work, there are other alternatives, like using UNP.
This would make an IF/THEN rule: if MAC A, B or C, go to VLAN 1 (the VLAN you need); if NOT, go into a ‘dead-end’ VLAN.
Thanks for your suggestion! I updated the switch to the latest version and then checked the available options. That resolved my issue. Thanks a lot!
-> port-security port 1/1/1
admin-state mac maximum
convert-to-static mac-range pkt-relay
learn-trap-threshold max-filtering violation
-> sh microcode
/flash/working
Package           Release                  Size      Description
-----------------+------------------------+---------+-----------------------------------
Uos.img           8.10.105.R02             162324102 Alcatel-Lucent OS
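
Added example (not part of the thread, and not Alcatel-Lucent code): a Python helper that turns a list of non-consecutive MAC addresses into the per-port commands quoted in the thread, rejecting malformed and multicast/broadcast entries before anything reaches the switch. The function names, the sample addresses, and the choice to set maximum to the size of the allowlist are assumptions; only the command forms come from the posts above.

```python
import re

PORT_RE = re.compile(r"\d+/\d+/\d+")          # chassis/slot/port, e.g. 1/1/1


def normalize_mac(raw):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    if int(digits[:2], 16) & 0x01:
        # Group bit set: multicast/broadcast is never a host's source address.
        raise ValueError(f"group address cannot identify a host: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def port_security_commands(port, vlan, macs):
    """Build the command list for one port from an allowlist of MACs."""
    if not PORT_RE.fullmatch(port):
        raise ValueError(f"expected chassis/slot/port, got {port!r}")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN id out of range: {vlan}")
    allowed = []
    for raw in macs:
        mac = normalize_mac(raw)
        if mac not in allowed:                 # same host written two ways
            allowed.append(mac)
    if not allowed:
        raise ValueError("empty allowlist")
    cmds = [
        f"port-security port {port} admin-state enable",
        # Assumption: cap learned addresses at the size of the allowlist.
        f"port-security port {port} maximum {len(allowed)}",
        f"port-security port {port} max-filtering 0",
        f"port-security port {port} violation shutdown",
    ]
    cmds += [f"port-security port {port} mac {m} vlan {vlan}" for m in allowed]
    return cmds


if __name__ == "__main__":
    # Constructed sample input: three hosts, one listed twice in other notation.
    sample = ["00:11:22:33:44:55", "00-11-22-33-44-55",
              "0011.2233.4466", "22:22:22:22:22:22"]
    print("\n".join(port_security_commands("1/1/1", 1, sample)))
```

Review the generated lines against the options your release actually offers (as the completion output above shows, they differ between versions) before pasting them into the switch.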