Access Control
MAC-based ACLs
585 Cisco 500 Series Stackable Managed Switch Administration Guide
27
STEP 1 Click Access Control > Mac-Based ACE.
STEP 2 Select an ACL, and click Go. The ACEs in the ACL are listed.
STEP 3 Click Add.
STEP 4 Enter the parameters.
• ACL Name—Displays the name of the ACL to which an ACE is being added.
• Priority—Enter the priority of the ACE. ACEs with higher priority are
processed first. One is the highest priority.
• Action—Select the action taken upon a match. The options are:
-
Permit
—Forward packets that meet the ACE criteria.
-
Deny
—Drop packets that meet the ACE criteria.
-
Shutdown
—Drop packets that meet the ACE criteria, and disable the port
from where the packets were received. Such ports can be reactivated
from the Port Settings page.
• Logging—Select to enable logging ACL flows that match the ACL rule.
• Time Range—Select to enable limiting the use of the ACL to a specific time
range.
• Time Range Name—If Time Range is selected, select the time range to be
used. Time ranges are defined in the Configuring System Time section.
• Destination MAC Address—Select Any if all destination addresses are
acceptable or User defined to enter a destination address or a range of
destination addresses.
• Destination MAC Address Value—Enter the MAC address to which the
destination MAC address is to be matched and its mask (if relevant).
• Destination MAC Wildcard Mask—Enter the mask to define a range of MAC
addresses. Note that this mask is different than in other uses, such as subnet
mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask
that value.
NOTE Given a mask of 0000 0000 0000 0000 0000 0000 1111 1111 (which
means that you match on the bits where there is 0 and don't match on the bits
where there are 1's). You need to translate the 1's to a decimal integer and you
write 0 for each four zeros. In this example since 1111 1111 = 255, the mask
would be written: as 0.0.0.255.
To Next Page
Loading...
