2.6. Ensuring only known devices can use a network
The switch menu sequence Security → ACL → Basic → MAC Rules could be used to check the ACL. In the resulting MAC Rules screen the switch-assigned name ACL Wizard MAC 0 appeared in the ACL Name pull-down menu. The Rule Table part of the screen showed details of the ACL entered. The switch menu sequence Security → ACL → Basic → MAC Binding Configuration produced the MAC Binding Configuration screen, the Interface Binding Status part of which verified the port assignment of the ACL.
The other ACL required for this security design was again commenced using the switch menu sequence Security → ACL. The same entries were again used, but 4 was assigned to the Rule ID and the Destination MAC was set to 28:c6:8e:d5:ed:08, which corresponded to the NAS. Under the Binding Configuration part of the screen, the port assignment to 19 was made under the Unit 1 tag.
This new ACL was verified as before using the switch menu sequences Security → ACL → Basic → MAC Rules and Security → ACL → Basic → MAC Binding Configuration. In each of these screens the switch-defined name ACL Wizard MAC 1 of the second ACL was used to reference the ACL information. The security design was then complete.
2.6.4 Implementation Alternative 2
In this alternative more detail could be provided if required. As this exercise shows, such detail need be little more than that required with Alternative 1. The switch menu sequence Security → ACL → Basic → MAC ACL brought up the MAC ACL screen. Into the Name field of the MAC ACL Table on that screen the text nas-pc1 was typed. This was to be the title for the PC 1 to NAS rule. The ADD button at the bottom of the screen was then clicked to register this title. The text printer-pc2 was then typed into the Name field and the ADD button clicked to register this title as that of the PC 2 to printer rule. After pressing the ADD button, the new title was added to the list below the MAC-ACL Table label.
For creation of the rules for the ACLs just formed, the switch menu sequence Security → ACL → Basic → MAC Rules brought up the required MAC Rules screen. From the ACL Name pull-down menu printer-pc2 was selected (this was the default). The value 2 was typed into the ID window of the Rule Table and Permit selected from the pull-down menu of the Action window. Then False was selected from the pull-down menu of the Match Every window. The printer's MAC address d0:bf:9c:bd:4b:4d was typed into the Destination MAC window and 00:00:00:00:00:00 into the Destination MAC Mask window. Finally the value 12 was typed into the VLAN window before clicking the ADD button at the bottom of the screen.
For the next rule the name nas-pc1 was selected from the ACL Name pull-down menu. The value 4 was typed into the ID window, Permit was selected from the Action window's pull-down menu, and False was selected from the Match Every pull-down menu. The MAC address 29:c6:8e:d5:ed:08 of the NAS was typed into the Destination MAC window and 00:00:00:00:00:00 into the Destination MAC Mask window. The value 12 was typed into the VLAN window before clicking the ADD button. This completed the rule creation required for this security design.
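As an added example (not part of the original exercise), the following Python model shows how a switch would evaluate the MAC ACL rules entered above against incoming frames, using the Rule IDs, MAC addresses, all-zero mask and VLAN 12 from the text. It assumes that a 0 bit in the mask means the corresponding destination bit must match, that rules are tried in Rule ID order with an implicit deny when none matches, that an unbound port filters nothing, and that PC 2 is on port 7 (the text names only port 19 and gives 28:c6:8e:d5:ed:08 as the NAS address in Alternative 1).

```python
# Added example, not from the original document: a small model of how a MAC ACL
# bound to a switch port evaluates incoming frames. Rule IDs, MAC addresses, the
# all-zero mask and VLAN 12 are the values the text entered; mask semantics,
# first-match-wins ordering, implicit deny and the PC 2 port are assumptions.
from dataclasses import dataclass
from typing import Optional

def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)

@dataclass
class MacRule:
    rule_id: int
    action: str                  # "Permit" or "Deny"
    match_every: bool = False    # True: match every frame, ignore the other fields
    dst_mac: Optional[str] = None
    dst_mask: str = "00:00:00:00:00:00"
    vlan: Optional[int] = None

    def matches(self, dst: str, vlan: int) -> bool:
        if self.match_every:
            return True
        if self.dst_mac is not None:
            care = ~mac_to_int(self.dst_mask) & 0xFFFFFFFFFFFF  # assumed: 0 mask bit = compare
            if (mac_to_int(dst) ^ mac_to_int(self.dst_mac)) & care:
                return False
        return self.vlan is None or vlan == self.vlan

def evaluate(acl: list, dst: str, vlan: int) -> str:
    """Try rules in Rule ID order; first match wins; no match means implicit deny (assumed)."""
    for rule in sorted(acl, key=lambda r: r.rule_id):
        if rule.matches(dst, vlan):
            return rule.action
    return "Deny"

PRINTER = "d0:bf:9c:bd:4b:4d"
NAS = "28:c6:8e:d5:ed:08"   # NAS address as given in Alternative 1
ACLS = {  # the two ACLs built in Implementation Alternative 2
    "printer-pc2": [MacRule(2, "Permit", dst_mac=PRINTER, vlan=12)],
    "nas-pc1": [MacRule(4, "Permit", dst_mac=NAS, vlan=12)],
}
BINDINGS = {19: "nas-pc1", 7: "printer-pc2"}  # port 19 from the text; port 7 for PC 2 is assumed

def decide(port: int, dst: str, vlan: int) -> str:
    """Apply the ACL bound to the ingress port; an unbound port filters nothing (assumed)."""
    acl_name = BINDINGS.get(port)
    return "Permit" if acl_name is None else evaluate(ACLS[acl_name], dst, vlan)
```

Because the rules match only the destination MAC and VLAN, the port binding is what restricts each rule to the PC plugged into that port.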