Banning a single Mac Address from a 1900 or 2900 Series Cisco Switch.

Discussion in 'Networking' started by james23, Aug 31, 2016.

  1. james23

    james23 Active Member

    Hi,

    My goal is to block all traffic or to shutdown a switch port (or otherwise block), if a specific mac-address is plugged into the switch.

    (For background, my exact scenario is: at times a user will plug in a rogue DHCP server, at which point my router sends me an alert. I then remotely track down the specific switch port the user plugged the rogue DHCP server into and shut down that switch port, until I get a phone call ("my internet/wall jack isn't working!"). I'd much rather be able to block the MAC address of that rogue DHCP server's Ethernet port (usually the LAN port(s) on a Wi-Fi router), so that the user will hopefully try other Ethernet ports on their router (until they find the proper WAN/Internet port, which they should have been using all along), or the user will try other non-DHCP-server devices, both of which could avoid a phone call to network support, which is the result when their port is fully shut down.)



    All of my research has led me to examples or solutions on other models of Cisco switches with this command (this command, if it worked on my version/model, would accomplish my goal):

    mac-address-table static C056.27C5.3E2A fastEthernet 0/22 vlan 1 drop

    However, on my switch, when I try this command, here are the results:

    ARW_3548(config)#mac-address-table static 00e0.b8b8.1c61 ? <cr>
    FastEthernet FastEthernet IEEE 802.3

    ARW_3548(config)#mac-address-table static 00e0.b8b8.1c61 fastEthernet 0/22 ? <cr>
    FastEthernet FastEthernet IEEE 802.3
    vlan vlan name


    ARW_3548(config)#mac-address-table static 00e0.b8b8.1c61 fastEthernet 0/22 vlan 2 ? <cr>

    (hitting enter to execute the command will add an entry to my running-config, but it does not block the mac-address in any way)



    Static / dynamic or sticky port security doesn't seem to address my specific issue either (my issue being knowing a MAC address that you want to block ahead of time).



    Can anyone help with this or point me in the right direction? There just must be a way to block a MAC address from even these earlier Cisco 2924 switches. Thanks



    Relevant version info, output of sh ver from my switch (I also have 1900 series switches in use):

    IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE
    System image file is "flash:c2900XL-c3h2s-mz-120.5.2-XU.bin"

    cisco WS-C2924-XL
     
    #1
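The workflow described in this post (router alert, look the known MAC up in the switch's address table, then isolate the port it sits on) as an added example; this is not code from any participant in the thread. It assumes you already have the text of the switch's MAC table (for example pasted from a telnet session); the two table layouts below are constructed samples imitating the older 2900XL-style and newer Catalyst output, and every MAC, VLAN and port value in them is made up. The per-MAC drop line is emitted in the form quoted in the thread, which the original poster's 2924 does not accept, so the fallback is the port shutdown he was already doing.

```python
"""Find which switch port a known MAC is on and emit the config to isolate it."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample imitating the 2900XL-style "show mac-address-table" layout.
SAMPLE_OLD_IOS = """\
Dynamic Address Count:                3
Secure Address Count:                 0
Static Address (User-defined) Count:  0
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0011.2233.4455       Dynamic          1  FastEthernet0/3
00e0.b8b8.1c61       Dynamic          2  FastEthernet0/22
c056.27c5.3e2a       Dynamic          1  FastEthernet0/7
"""

# Constructed sample imitating the newer Catalyst "show mac address-table" layout.
SAMPLE_NEW_IOS = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
   1    0011.2233.4455    DYNAMIC     Fa0/3
   2    00e0.b8b8.1c61    DYNAMIC     Fa0/22
Total Mac Addresses for this criterion: 3
"""

MAC_RE = re.compile(r"\b[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\b")
PORT_RE = re.compile(r"\b(?:Fa|Gi|FastEthernet|GigabitEthernet)\d+/\d+\b")
VLAN_RE = re.compile(r"\b\d{1,4}\b")


def normalize_mac(mac: str) -> str:
    """Accept colon, dash or dotted notation and return Cisco dotted lowercase form."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return f"{hexdigits[0:4]}.{hexdigits[4:8]}.{hexdigits[8:12]}"


@dataclass(frozen=True)
class MacEntry:
    mac: str
    vlan: int
    port: str


def parse_mac_table(output: str) -> List[MacEntry]:
    """Extract (mac, vlan, port) rows from either table layout.

    Rows with no physical port (CPU / self addresses) are skipped: they are the
    switch itself, not an attached device.
    """
    entries = []
    for line in output.splitlines():
        mac_match = MAC_RE.search(line)
        port_match = PORT_RE.search(line)
        if not (mac_match and port_match):
            continue
        # The VLAN is the remaining integer token once MAC and port are blanked out.
        rest = line.replace(mac_match.group(0), " ").replace(port_match.group(0), " ")
        vlan_match = VLAN_RE.search(rest)
        if not vlan_match:
            continue
        entries.append(MacEntry(normalize_mac(mac_match.group(0)),
                                int(vlan_match.group(0)), port_match.group(0)))
    return entries


def find_port(output: str, target_mac: str) -> Optional[MacEntry]:
    """Return the table row for target_mac (any notation), or None if it is not learned."""
    wanted = normalize_mac(target_mac)
    return next((e for e in parse_mac_table(output) if e.mac == wanted), None)


def isolation_commands(entry: MacEntry, supports_drop: bool) -> List[str]:
    """Config lines to isolate the device once its port is known.

    supports_drop=True emits the per-MAC drop entry in the form quoted in the
    thread (newer IOS only; confirm the syntax on your platform with '?').
    Otherwise fall back to shutting the port, as the poster does on the 2924.
    """
    if supports_drop:
        return [f"mac-address-table static {entry.mac} {entry.port} vlan {entry.vlan} drop"]
    return [f"interface {entry.port}", " shutdown"]


if __name__ == "__main__":
    # MAC reported by the rogue-DHCP alert, in the notation a router log might use.
    hit = find_port(SAMPLE_OLD_IOS, "00:E0:B8:B8:1C:61")
    if hit is None:
        print("MAC not in table; device may have moved or aged out")
    else:
        print(f"{hit.mac} is on {hit.port} (vlan {hit.vlan})")
        print("\n".join(isolation_commands(hit, supports_drop=False)))
```

The parser keys on the dotted MAC and the port token rather than on column positions, so it survives the different spacing and headers of the two layouts; a MAC that the alert names but the table no longer holds (the device was unplugged or the entry aged out) comes back as None instead of producing a bogus shutdown command.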
  2. djflow195

    djflow195 Member

  3. james23

    james23 Active Member

    I think you have hit the nail on the head (these Cisco SWs I'm using are just too old; they are some of the first 100 Mbit Cisco SWs and some are even 10 Mbit still), + every other solution I've found to banning a MAC address (which should be a somewhat common goal) seems to be for a Cisco SW one model / revision newer than what I'm dealing with... My CLI is always missing that one last part of the command that I need, so I think it's just too old a switch.

    For anyone else looking to do this (and who has a newer Cisco SW than 2924 or 2950s), here is what I had in my notes from researching this prior to posting here:

    from my notes:


    thanks
     
    #3
    Last edited: Sep 18, 2016
  4. Terry Kennedy

    Terry Kennedy Well-Known Member

    The 2900XLs have been completely obsolete for years now. I believe the last release was 12.0(5)WC17 from February 13, 2007 (any builds beyond that were one-offs for large customers with custom maintenance agreements). And that didn't run on some older 2900XLs. There were 3 versions of the 2900XL hardware, which can be distinguished by the color of the port number labels. I think the sequence (from oldest to newest) was no color (just molded-in numbers), white, and yellow. The older versions had very poor throughput and could not sustain an aggregate performance of even 200 Mbit/sec. And that's with ASIC-based switching*.

    I just took a look at that code, and all I can say is "yikes". It dates from the beginning of the "thousand kingdoms" IOS era, and it never got any fixes from either other platforms or newer IOS versions. I can see a couple system crashers in there, some of which don't even require command-line access to the switch (it can be crashed by network packets originated elsewhere).

    * The processor on a 2900XL is a very low-end PowerPC and once it loads the code for the ASICs, it spends most of its time (30% to 50%) just fiddling the front panel LEDs. The only part of packet processing it gets involved with is some support for spanning tree. That's also why the port capabilities on this switch are so limited - the ports only support what the ASICs were designed to do, and the IOS image can't add support for things not already handled by the ASICs.
     
    #4
