Mini Howto for a simple way to block a MAC address on Extreme Network switches

September 12, 2015

Yesterday I needed to block a MAC address on an Extreme Networks switch (XOS) … sure, I could write an ACL for this but there is a better way:

To block a MAC address:

create fdbentry aa:bb:cc:dd:ee:ff vlan <VlanName> blackhole

To unblock a MAC address:

delete fdbentry aa:bb:cc:dd:ee:ff vlan <VlanName> blackhole

8 Comments »

thanks

Comment by Easy Live Trade — January 6, 2016 #
I was able to create fdbentry but cannot use the blackhole command.

create fdbentry 78:xx:xx:FF vlan ABCD ports 1:16 <— Ok

create fdbentry 78:xx:xx:FF vlan ABCD ports 1:16 blackhole <— Error

FYI, I'm doing this on x480e XOS ver 12.0.3

Need your advice. THanks.

Comment by Effendy — February 6, 2016 #
12.0.3 is really old, 15.x or later is current. I’m even not sure you can update the firmware in one jump from so an old version.

Comment by robert — February 6, 2016 #
Hi Effendy, use create:
fdbentry aa:bb:cc:dd:ee:ff vlan blackhole

Note that ports are not included.

example: create fdbentry ac:46:fb:a0:3f:43 vlan “sales” blackhole

Comment by Thomas — February 17, 2016 #
Hi, I use this:

create fdbentry aa:bb:cc:dd:ee:ff vlan “VLAN_NAME” blackhole

But, extreme switch says me that blackhole word is wrong.

%% Invalid input detected

Thanks

Comment by Jaime Baez — November 15, 2016 #
Which switch and which EXOS version?

Comment by robert — November 16, 2016 #
Thanks! Worked a treat to prevent a user from connecting their personal laptop to the company LAN.

Comment by wrx7m — February 23, 2017 #
On my 5520 running EXOS 31.x:

create fdb xx:xx… vlan “NAME” blackhole

Comment by Frank M — March 6, 2023 #