[Juniper] EX-2200 Drop MAC-Address

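First create the firewall filter and specify the MAC address to block. The final accept-all term lets all other traffic through, since a Junos filter discards anything that no term matches.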

admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term term1 from source-mac-address 00:11:22:aa:bb:cc
admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term term1 then discard
admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term accept-all then accept

Next, define an interface-range named allport, which is used to apply the filter as input on each interface.

admin@EX2200# set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/23
admin@EX2200# set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan43

Finally, apply the filter as input on the interface-range and commit the configuration.

admin@EX2200# set interfaces interface-range allport unit 0 family ethernet-switching filter input mac-filter43
admin@EX2200# commit

Done.

[Cisco] Drop mac address

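When managing a network you sometimes find that someone has plugged an unknown device into it
and configured it with an IP address that is already in use, causing an IP conflict.
To get the original machine working again first, block the unknown MAC.
Check the ARP table to find the MAC that is occupying the IP.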

Cisco-3750G#sh arp | inc 49.19
Internet  192.168.49.19           0   9c10.7699.8f00  ARPA   Vlan49

 
Block the MAC

Cisco-3750G#conf t
Cisco-3750G(config)#mac address-table static 9c10.7699.8f00 vlan 49 drop

 

Some devices use a slightly different command. On the 6503, for example, mac and address-table at the start are joined with a "-".

Cisco-6503(config)#mac-address-table static 9c10.7699.8f00 vlan 49 drop
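
An added example (not from the original post): a small Python helper that looks up one IP in pasted "sh arp" output by exact match and prints the drop commands in the Cisco and Juniper syntaxes shown above. A filter such as "| inc 49.19" also matches addresses like 192.168.49.190, so the exact match avoids blocking the wrong MAC. All function names are hypothetical and the sample ARP output is constructed.

```python
import re

# One row of Cisco "show arp" output: protocol, IP, age, MAC, type, interface.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+\S+\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s+ARPA\s+Vlan(?P<vlan>\d+)")

def mac_hex(mac):
    """Strip separators; return 12 lowercase hex digits or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def cisco_mac(mac):   # 9c10.7699.8f00
    return ".".join(re.findall("....", mac_hex(mac)))

def junos_mac(mac):   # 9c:10:76:99:8f:00
    return ":".join(re.findall("..", mac_hex(mac)))

def find_arp_entry(show_arp_output, ip):
    """Return (mac, vlan) for an exact IP match, or None if absent."""
    for line in show_arp_output.splitlines():
        m = ARP_LINE.match(line.strip())
        if m and m.group("ip") == ip:
            return m.group("mac"), int(m.group("vlan"))
    return None

def cisco_drop(mac, vlan, hyphenated=False):
    # hyphenated=True gives the "mac-address-table" form used on the 6503
    keyword = "mac-address-table" if hyphenated else "mac address-table"
    return f"{keyword} static {cisco_mac(mac)} vlan {vlan} drop"

def junos_drop(mac, filter_name):
    base = f"set firewall family ethernet-switching filter {filter_name}"
    return [f"{base} term term1 from source-mac-address {junos_mac(mac)}",
            f"{base} term term1 then discard",
            f"{base} term accept-all then accept"]

# Constructed sample: the post's ARP line plus one made-up neighbour row.
SAMPLE = """\
Internet  192.168.49.1            -   0011.2233.4455  ARPA   Vlan49
Internet  192.168.49.19           0   9c10.7699.8f00  ARPA   Vlan49
"""

if __name__ == "__main__":
    mac, vlan = find_arp_entry(SAMPLE, "192.168.49.19")
    print(cisco_drop(mac, vlan))
    print(cisco_drop(mac, vlan, hyphenated=True))
    print("\n".join(junos_drop(mac, f"mac-filter{vlan}")))
```
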