Access Control
MAC-Based ACLs Creation
400 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
22
MAC-based ACE
NOTE Each MAC-based rule consumes one TCAM rule. Note that the TCAM allocation is performed
in couples, such that, for the first ACE, 2 TCAM rules are allocated and the second TCAM rule
is allocated to the next ACE, and so forth.
To add rules (ACEs) to an ACL:
STEP 1 Click Access Control > Mac-Based ACE.
STEP 2 Select an ACL, and click Go. The ACEs in the ACL are listed.
STEP 3 Click Add.
STEP 4 Enter the parameters.
• ACL Name—Displays the name of the ACL to which an ACE is being added.
• Priority—Enter the priority of the ACE. ACEs with higher priority are processed first.
One is the highest priority.
• Action—Select the action taken upon a match. The options are:
- Permit—Forward packets that meet the ACE criteria.
- Deny—Drop packets that meet the ACE criteria.
- Shutdown—Drop packets that meet the ACE criteria, and disable the port from
where the packets received. Such ports can be reactivated from the Error Recovery
Settings page.
• Logging—Select to enable logging ACL flows that match the ACL rule.
• Time Range—Select to enable limiting the use of the ACL to a specific time range.
• Time Range Name—If Time Range is selected, select the time range to be used. Time
ranges are defined in the System Time Configuration section.
• Destination MAC Address—Select Any if all destination addresses are acceptable or
User defined to enter a destination address or a range of destination addresses.
• Destination MAC Address Value—Enter the MAC address to which the destination
MAC address is to be matched and its mask (if relevant).
• Destination MAC Wildcard Mask—Enter the mask to define a range of MAC
addresses. Note that this mask is different than in other uses, such as subnet mask. Here,
setting a bit as 1 indicates don't care and 0 indicates to mask that value.
To Next Page
Loading...
Need help?
General
