Configuring Device Security
Defining Access Control
Page 56
The MAC Based ACL Page contains the following fields:
• ACL Name — Displays the specific MAC based ACLs.
• Remove ACL — Deletes the specified ACL. The possible field values are:
    – Checked — Deletes the ACL when the user clicks the Apply button.
    – Unchecked — Maintains the ACL.
• Priority — Indicates the ACE priority, which determines which ACE is matched to a packet on a first-match basis. The possible field values are 1-2147483647.
• Source MAC Address — Matches the source MAC address from which packets are addressed to the ACE.
• Source MAC Mask — Indicates the source MAC address wildcard mask. Wildcards are used to mask all or part of a source MAC address. Wildcard masks specify which octets are used and which octets are ignored. A wildcard mask of ff:ff:ff:ff:ff:ff indicates that no octet is important. A wildcard mask of 00:00:00:00:00:00 indicates that all the octets are important. For example, if the source MAC address is 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd, and 5th octets of the MAC address are checked, while the 2nd, 4th, and 6th octets are ignored.
• Destination MAC Address — Matches the destination MAC address to which packets are addressed to the ACE.
• Destination MAC Mask — Indicates the destination MAC address wildcard mask. Wildcards are used to mask all or part of a destination MAC address. Wildcard masks specify which octets are used and which octets are ignored. A wildcard mask of ff:ff:ff:ff:ff:ff indicates that no octet is important. A wildcard mask of 00:00:00:00:00:00 indicates that all the octets are important. For example, if the destination MAC address is 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd, and 5th octets of the MAC address are checked, while the 2nd, 4th, and 6th octets are ignored.
• VLAN ID — Matches the packet’s VLAN ID to the ACE. The possible field values are 1 to 4093.
• CoS — Class of Service of the packet.
• CoS Mask — Wildcard bits to be applied to the CoS.
• Ether Type — The Ethernet type of the packet.
• Action — Indicates the ACL forwarding action. For example, the port can be shut down, a trap can be sent to the network administrator, or the packet is assigned rate limiting restrictions for forwarding. Possible field values are:
    – Permit — Forwards packets which meet the ACL criteria.
    – Deny — Drops packets which meet the ACL criteria.
    – Shutdown — Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Setting Configuration Page.
• Delete — To remove an ACE, click the ACE’s checkbox and click the Delete button.
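The wildcard-mask and first-match rules from the field list above, modelled in Python as an added example (it is not code from the switch or its vendor). The ACE values and destination address are constructed, and evaluating the lowest priority number first is an assumption; the field list states only that matching is first-match.

```python
from dataclasses import dataclass

ANY = "ff:ff:ff:ff:ff:ff"   # wildcard mask: every octet ignored
ZERO = "00:00:00:00:00:00"  # filler address for fields whose mask is ANY

def mac_to_int(mac: str) -> int:
    """Parse 'aa:bb:cc:dd:ee:ff' into a 48-bit integer."""
    octets = [int(o, 16) for o in mac.split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int.from_bytes(bytes(octets), "big")

def wildcard_match(addr: str, rule_addr: str, mask: str) -> bool:
    """Mask bits set to 1 are ignored; mask bits set to 0 must be equal."""
    care = ~mac_to_int(mask) & 0xFFFFFFFFFFFF
    return (mac_to_int(addr) & care) == (mac_to_int(rule_addr) & care)

@dataclass(frozen=True)
class Ace:
    priority: int
    src: str
    src_mask: str
    dst: str
    dst_mask: str
    action: str  # "permit", "deny" or "shutdown"

def evaluate(aces, src: str, dst: str):
    """Return the action of the first matching ACE, or None if none match.

    Assumption: the ACE with the lowest priority number is tried first.
    """
    for ace in sorted(aces, key=lambda a: a.priority):
        if (wildcard_match(src, ace.src, ace.src_mask)
                and wildcard_match(dst, ace.dst, ace.dst_mask)):
            return ace.action
    return None

# Constructed ACL: the source rule reuses the page's address and mask.
DENY = Ace(10, "09:00:07:A9:B2:EB", "00:ff:00:ff:00:ff", ZERO, ANY, "deny")
PERMIT_ANY = Ace(20, ZERO, ANY, ZERO, ANY, "permit")
ACL = [DENY, PERMIT_ANY]

if __name__ == "__main__":
    dst = "01:02:03:04:05:06"  # constructed destination
    print(evaluate(ACL, "09:11:07:22:B2:33", dst))  # octets 1, 3, 5 match
    print(evaluate(ACL, "09:00:08:A9:B2:EB", dst))  # octet 3 differs
    # A match-all ACE placed ahead of the deny shadows it completely.
    shadowed = [Ace(5, ZERO, ANY, ZERO, ANY, "permit"), DENY]
    print(evaluate(shadowed, "09:00:07:A9:B2:EB", dst))
```

When reviewing an ACL, check each broad mask against the ACEs that follow it: any later ACE whose match set is covered by an earlier one never takes effect.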
2. Click the Add ACL button. The Add MAC Based ACL Page opens: