Hello all,
I have a rogue DHCP device that keeps connecting to my network and issuing bogus IP addresses. To prevent this, I issued the lockout-mac command on a set of switches. The device was connected again today and started issuing IP addresses. This is on the HP 2810 models.
After this occurred, I checked the logs and it logged the MAC address, but it didn't block or lock it out.
I decided to set up a test switch to test this command because it's not doing what I think it's supposed to do.
The security and access documentation explains that if a device whose MAC address is listed as a lockout-mac device, the traffic to and from that device is discarded.
In my test, I added my laptop's MAC address to my test switch. (lockout-mac XX:XX:XX:XX:XX:XX)
When I connected my laptop to the switch, I received the following in the logs...
"W 06/23/09 12:27:38 maclock: backplane: Ceasing lock-out logs for 1h
W 06/23/09 12:27:38 maclock: backplane: 001f29-9fe234 detected on port 33
W 06/23/09 12:22:19 maclock: backplane: Ceasing lock-out logs for 5m
W 06/23/09 12:22:19 maclock: backplane: 001f29-9fe234 detected on port 33
I 06/23/09 12:22:15 ports: port 33 is now on-line"
I see that it detects the MAC address and then it ceases the logs, but it doesn't lock out the device. After I plug it in, the laptop still receives an IP address and is able to communicate on the network. I also had a continuous ping set up to verify the communication.
If I unplug the device and connect it again, nothing about the MAC address is logged. I believe this has to do with the ceasing of the logs, and it does it in 5 mins, 1 hour, 1 day if the MAC is still connected.
Anyway, my main concern is why my laptop is still able to communicate if it's "supposed" to be locked out or blocked.
Thanks,
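As an added example (not from the original post, and not HP's own tooling), a small Python parser for the ProCurve maclock log lines quoted above: it normalises the switch's "aabbcc-ddeeff" MAC format, flags any MAC from a lockout list that the switch reports as detected on a port, and tracks how long the switch has said it will suppress further lock-out logging (the 5m/1h/1d windows). That makes it easier to confirm from the logs whether a lockout-mac entry is actually being enforced. The sample log lines are constructed from the post's quotes.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, copied from the log lines quoted in the post above.
SAMPLE_LOG = """\
W 06/23/09 12:27:38 maclock: backplane: Ceasing lock-out logs for 1h
W 06/23/09 12:27:38 maclock: backplane: 001f29-9fe234 detected on port 33
W 06/23/09 12:22:19 maclock: backplane: Ceasing lock-out logs for 5m
W 06/23/09 12:22:19 maclock: backplane: 001f29-9fe234 detected on port 33
I 06/23/09 12:22:15 ports: port 33 is now on-line
"""

# Generic ProCurve event-log line: severity, date, time, message.
LINE_RE = re.compile(r"^(?P<sev>[A-Z]) (?P<date>\d\d/\d\d/\d\d) (?P<time>\d\d:\d\d:\d\d) (?P<msg>.*)$")
DETECT_RE = re.compile(r"maclock: backplane: (?P<mac>[0-9a-f]{6}-[0-9a-f]{6}) detected on port (?P<port>\d+)")
CEASE_RE = re.compile(r"maclock: backplane: Ceasing lock-out logs for (?P<dur>\d+)(?P<unit>[mhd])")
UNIT = {"m": "minutes", "h": "hours", "d": "days"}

def normalize_mac(mac):
    """Convert 'aabbcc-ddeeff' or 'AA:BB:CC:DD:EE:FF' to lowercase colon form."""
    hexdigits = mac.replace("-", "").replace(":", "").lower()
    if len(hexdigits) != 12 or not all(c in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))

def parse_maclock_events(text):
    """Return maclock 'detected' and 'cease' events, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["date"] + " " + m["time"], "%m/%d/%y %H:%M:%S")
        d = DETECT_RE.search(m["msg"])
        if d:
            events.append({"time": ts, "kind": "detected",
                           "mac": normalize_mac(d["mac"]), "port": int(d["port"])})
            continue
        c = CEASE_RE.search(m["msg"])
        if c:
            until = ts + timedelta(**{UNIT[c["unit"]]: int(c["dur"])})
            events.append({"time": ts, "kind": "cease", "until": until})
    return sorted(events, key=lambda e: e["time"])

def locked_macs_seen(events, lockout_list):
    """Sorted (mac, port) pairs where a lockout-mac entry was seen on a port."""
    locked = {normalize_mac(m) for m in lockout_list}
    return sorted({(e["mac"], e["port"]) for e in events
                   if e["kind"] == "detected" and e["mac"] in locked})

def log_suppressed_until(events):
    """Latest time up to which the switch said it will stop logging lock-outs."""
    return max((e["until"] for e in events if e["kind"] == "cease"), default=None)
```

A locked MAC that keeps appearing in `locked_macs_seen` while the host still answers pings is the symptom described in the post; after `log_suppressed_until`, silence in the log does not mean the device went away.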