Configuring MAC-based ACEs

To add rules (ACEs) to a MAC-based ACL:

  1. Click Access Control > MAC-Based ACE.
  2. Select a MAC-based ACL, and click Go. All currently defined MAC-based ACEs in the ACL are listed.
  3. To add a rule (ACE) for the selected ACL, click Add.
  4. Enter the following information:
    • ACL Name—Displays the name of the ACL to which the ACE is being added.
    • Priority—Enter the priority of the ACE. ACEs with higher priority are processed first. One is the highest priority.
    • Action—Select the action taken upon a match. The options are:
      • Permit—Forwards packets that meet the ACE criteria.
      • Deny—Drops packets that meet the ACE criteria.
      • Shutdown—Drops packets that meet the ACE criteria, and disables the port on which the packets were received. These ports can be reactivated on the Port Management > Error Recovery Settings page.
    • Destination MAC Address—Select Any if all destination addresses are acceptable, or select User Defined to enter a destination address or a range of destination addresses.
      • Destination MAC Address Value—Enter the MAC address to which the destination MAC address will be matched and its mask (if relevant).
      • Destination MAC Wildcard Mask—Enter the mask to define a range of MAC addresses. This mask is different from other uses, such as a subnet mask. Setting a bit to 1 indicates not to care, and 0 indicates to mask that value. For example, the value FFFFFF000000 indicates that only the first three bytes of the destination MAC address are used.
      • NOTE: With a mask of 0000 0000 0000 0000 0000 0000 1111 1111 1111 1111 1111 1111, you match on the bits where there is 0 and do not match on the bits where there is 1. To write the mask, convert each group of four bits to one hexadecimal digit: write 0 for each four zeros and F for each four ones. In this example, because 1111 1111 = FF, the mask is written as 000000FFFFFF.

    • Source MAC Address—Select Any if all source addresses are acceptable, or select User Defined to enter a source address or a range of source addresses.
      • Source MAC Address Value—Enter the MAC address to which the source MAC address will be matched and its mask (if relevant).
      • Source MAC Wildcard Mask—Enter the mask to define a range of MAC addresses.
    • VLAN ID—Enter the VLAN ID of the VLAN tag to match.
    • 802.1p—Check Include to use 802.1p, and enter the following fields:
      • 802.1p Value—Enter the 802.1p value to be added to the VPT tag.
      • 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag.
    • Ethertype—Enter the frame Ethertype to be matched.
  5. Click Apply. The MAC-based ACE is defined, and the Running Configuration is updated.
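
The following is an added example, not part of the original guide or the switch software. It models how a wildcard mask selects addresses under the rule stated in the NOTE (0 bits are compared, 1 bits are ignored) and how ACEs are tried in priority order. The dictionary field names, the sample addresses, and the first-match-wins behaviour are assumptions made for illustration.

```python
# Added example: wildcard-mask matching for MAC-based ACEs.
# Mask semantics follow the NOTE above: a 0 bit is compared, a 1 bit is ignored.

def mac_to_int(mac: str) -> int:
    """Parse a MAC written with ':', '-', '.' or no separators."""
    digits = "".join(c for c in mac if c not in ":-. ")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def bits_to_hex_mask(bits: str) -> str:
    """Convert a 48-bit binary mask (spaces allowed) to 12 hex digits."""
    bits = bits.replace(" ", "")
    if len(bits) != 48 or set(bits) - {"0", "1"}:
        raise ValueError("mask must be exactly 48 binary digits")
    return f"{int(bits, 2):012X}"

def mac_matches(mac: str, value: str, wildcard: str) -> bool:
    """True when mac equals value on every bit where the wildcard is 0."""
    care = ~mac_to_int(wildcard) & 0xFFFFFFFFFFFF
    return (mac_to_int(mac) & care) == (mac_to_int(value) & care)

def evaluate(aces, src_mac: str):
    """Return the action of the first matching ACE, lowest priority number first.

    Assumption: evaluation stops at the first match; None means no ACE matched.
    """
    for ace in sorted(aces, key=lambda a: a["priority"]):
        if mac_matches(src_mac, ace["src"], ace["mask"]):
            return ace["action"]
    return None

# Constructed sample ACL: one host denied, the rest of its OUI permitted.
SAMPLE_ACES = [
    {"priority": 20, "action": "permit", "src": "00:11:22:00:00:00", "mask": "000000FFFFFF"},
    {"priority": 10, "action": "deny", "src": "00:11:22:33:44:55", "mask": "000000000000"},
]

if __name__ == "__main__":
    note_mask = bits_to_hex_mask("0000 0000 0000 0000 0000 0000 1111 1111 1111 1111 1111 1111")
    print("mask from the NOTE:", note_mask)
    for mac in ("00:11:22:33:44:55", "00:11:22:AA:BB:CC", "66:77:88:99:AA:BB"):
        print(mac, "->", evaluate(SAMPLE_ACES, mac))
```

Because the deny ACE has priority 10, it is tried before the broader permit ACE at priority 20, so the single host is dropped even though it also falls inside the permitted range.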