2.6. Ensuring only known devices can use a network
The switch menu sequence:
Security → ACL → Basic → MAC Rules
could be used to check the ACL. In the resulting MAC Rules screen the switch assigned name ACL Wizard MAC 0
appeared in the ACL Name pull down menu. The Rule Table part of the screen showed details of the
ACL entered. The switch menu sequence:
Security → ACL → Basic → MAC Binding Configuration
produced the MAC Binding Configuration screen, the Interface Binding Status part of which
verified the port assignment of the ACL.
The other ACL required for this security design again was commenced using the switch menu sequence:
Security → ACL
The same entries were again used but 4 was assigned to the Rule ID and the Destination MAC was
set to 28:c6:8e:d5:ed:08 which corresponded to the NAS.
Under the Binding Configuration part of the screen, the port assignment to 19 was made under
Unit 1 tag.
This new ACL was verified as before usin the switch menu sequences:
Security → ACL → Basic → MAC Rules
and
Security → ACL → Basic → MAC Binding Configuration
In each of these screens the switch defined name ACL Wizard MAC 1 of the second ACL was used to
reference the ACL information.
The security design was then complete.
2.6.4 Implementation Alternative 2
In this alternative more detail could be provided if required. As this exercise shows such detail can be
little more than required with Alternative 1. The switch menu sequence:
Security → ACL → Basic → MAC ACL
brought up the MAC ACL screen. Into the Name field of the MAC ACL Table on that screen the text
nas-pc1 was typed. This was to be the title for the PC 1 to NAS rule. The ADD button at the bottom of
the screen was then clicked to register this title. The text printer-pc2 was then typed into the Name
field and the ADD key clicked to register this title as that of the PC 2 to printer rule. After pressing the
ADD key, the new title was added to the list below the MAC-ACL Table label.
For creation of the rules for the ACLs just formed the switch menu sequence:
Security → ACL → Basic → MAC Rules
brought up the required MAC Rules screen. From the ACL Name pull down menu the printer-pc2
was selected ((this was the default). The value 2 was typed into the ID window of the Rule Table
and Permit selected from the pull down menu of the Action window. Then Falsewas selected from
the pull down menu of the Match Every window. The printer’s MAC address d0:bf:9c:bd:4b:4d
was typed into the Destination MAC window and 00:00:00:00:00:00 into the Destination
MAC Mask window. Finally the value 12 was typed into the VLAN window before clicking the ADD
button at the bottom of the screen.
For the next rule the name nac-pc2 was selected from the ACL Name pull down menu. The value 4
was typed into the ID window, Permit was selected from the Action window’s pull down menu,
and False was selected from the Match Every pull down menu. The URL 29:c6:8e:d5:ed:08
of the NAS was typed into the Destination MAC window and 00:00:00:00:00:00 typed into the
Destination MAC Mask. The value 12 was typed into the VLAN window before clicking the ADD
button. This completed the rule creation required for this security design.
18
To Next Page
Loading...
