Access Control
Defining MAC-based ACLs
Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3 464
24
• Time Range Name—If Time Range is selected, select the time range to be
used. Time ranges are defined in the Time Range section.
• Destination MAC Address—Select Any if all destination addresses are
acceptable or User defined to enter a destination address or a range of
destination addresses.
• Destination MAC Address Value—Enter the MAC address to which the
destination MAC address is to be matched and its mask (if relevant).
• Destination MAC Wildcard Mask—Enter the mask to define a range of MAC
addresses. Note that this mask is different than in other uses, such as subnet
mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask
that value.
NOTE Given a mask of 0000 0000 0000 0000 0000 0000 1111 1111 (which
means that you match on the bits where there is 0 and don't match on the bits
where there are 1's). You need to translate the 1's to a decimal integer and
you write 0 for each four zeros. In this example since 1111 1111 = 255, the
mask would be written: as 0.0.0.255.
• Source MAC Address—Select Any if all source address are acceptable or
User defined to enter a source address or range of source addresses.
• Source MAC Address Value—Enter the MAC address to which the source
MAC address is to be matched and its mask (if relevant).
• Source MAC Wildcard Mask—Enter the mask to define a range of MAC
addresses.
• VLAN ID—Enter the VLAN ID section of the VLAN tag to match.
• 802.1p—Select Include to use 802.1p.
• 802.1p Value—Enter the 802.1p value to be added to the VPT tag.
• 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag.
• Ethertype—Enter the frame Ethertype to be matched.
STEP 5 Click Apply. The MAC-based ACE is saved to the Running Configuration file.
To Next Page
Loading...
