MAC-based ACE

Note

Each MAC-based rule consumes one TCAM rule. TCAM rules are allocated in pairs: when the first ACE is added, 2 TCAM rules are allocated, the second of these TCAM rules is used by the next ACE, and so forth.

To add rules (ACEs) to an ACL, complete the following steps:

Procedure


Step 1

Click Access Control > Mac-Based ACE.

Step 2

Select an ACL, and click Go. The ACEs in the ACL are listed.

Step 3

Click Add.

Step 4

Enter the parameters.

  • ACL Name—Displays the name of the ACL to which an ACE is being added.

  • Priority—Enter the priority of the ACE. ACEs with higher priority are processed first. One is the highest priority.

  • Action—Select the action taken upon a match. The options are:

    • Permit—Forward packets that meet the ACE criteria.

    • Deny—Drop packets that meet the ACE criteria.

    • Shutdown—Drop packets that meet the ACE criteria, and disable the port on which the packets were received.

  • Destination MAC Address—Select Any if all destination addresses are acceptable or User defined to enter a destination address or a range of destination addresses.

  • Destination MAC Address Value—Enter the MAC address to which the destination MAC address is to be matched and its mask (if relevant).

  • Destination MAC Wildcard Mask—Enter the mask to define a range of MAC addresses. This mask is different from masks in other uses, such as a subnet mask. Here, a bit set to 1 means don't care, and a bit set to 0 means that bit of the address must match.

    Note

    Given a mask of 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 1111, you match on the bits where the mask is 0 and don't match on the bits where it is 1. To enter the mask, translate the 1's to a hexadecimal value and write 0 for every four zeros. In this example, since 1111 1111 = FF, the mask is written as 00:00:00:00:00:FF.

  • Source MAC Address—Select Any if all source addresses are acceptable or User defined to enter a source address or range of source addresses.

  • Source MAC Address Value—Enter the MAC address to which the source MAC address is to be matched and its mask (if relevant).

  • Source MAC Wildcard Mask—Enter the mask to define a range of MAC addresses.

  • VLAN ID—Enter the VLAN ID section of the VLAN tag to match.

  • 802.1p—Select Include to use 802.1p.

  • 802.1p Value—Enter the 802.1p value to be added to the VPT tag.

  • 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag.

  • Ether type—Enter the frame Ether type to be matched.

Step 5

Click Apply. The MAC-based ACE is saved to the Running Configuration file.
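The wildcard-mask and priority rules from Step 4 can be checked offline before an ACE is entered. The following Python sketch is an added example, not code from the switch or its vendor; the function names, the tuple layout of an ACE, and the sample addresses are assumptions made for illustration.

```python
# Added illustration; function names and sample addresses are constructed.

def mac_to_int(mac: str) -> int:
    """Parse 'aa:bb:cc:dd:ee:ff' into a 48-bit integer."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"expected 6 octets: {mac!r}")
    return int("".join(f"{int(o, 16):02x}" for o in octets), 16)

def bits_to_mask(bits: str) -> str:
    """Convert a 48-bit binary wildcard mask to colon-separated hex."""
    bits = bits.replace(" ", "")
    if len(bits) != 48 or set(bits) - {"0", "1"}:
        raise ValueError("mask must be exactly 48 binary digits")
    value = int(bits, 2)
    return ":".join(f"{(value >> s) & 0xFF:02X}" for s in range(40, -8, -8))

def wildcard_match(addr: str, value: str, mask: str) -> bool:
    """True if addr equals value on every bit where the mask is 0."""
    care = ~mac_to_int(mask) & 0xFFFFFFFFFFFF
    return (mac_to_int(addr) & care) == (mac_to_int(value) & care)

def first_match(aces, src: str, dst: str):
    """Return the action of the highest-priority (lowest-numbered) matching ACE.

    Each ACE is (priority, action, (src_value, src_mask), (dst_value, dst_mask));
    a None pair stands for 'Any'. Returns None if no ACE matches.
    """
    for _prio, action, src_rule, dst_rule in sorted(aces, key=lambda a: a[0]):
        if src_rule and not wildcard_match(src, *src_rule):
            continue
        if dst_rule and not wildcard_match(dst, *dst_rule):
            continue
        return action
    return None

# Constructed ACL: permit one host, deny the rest of its 256-address range.
SAMPLE_ACL = [
    (20, "deny",   ("00:11:22:33:44:00", "00:00:00:00:00:FF"), None),
    (10, "permit", ("00:11:22:33:44:10", "00:00:00:00:00:00"), None),
]

if __name__ == "__main__":
    print(bits_to_mask("0000 " * 10 + "1111 1111"))
    for src in ("00:11:22:33:44:10", "00:11:22:33:44:7f", "00:11:22:33:45:10"):
        print(src, first_match(SAMPLE_ACL, src, "ff:ff:ff:ff:ff:ff"))
```

Entering the mask subnet-style (FF:FF:FF:FF:FF:00) inverts the intent: only the last octet is compared, so the ACE matches any address ending in the same byte.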