Configuring Device Security
Defining Access Control
ESW 500 Series Switches Administration Guide 154
5
-
MAC Addres
s — Matches the source MAC address from which packets
are addressed to the ACE.
-
Wildcard Mask
— Indicates the source MAC Address wild card mask.
Wildcards are used to mask all or part of a source MAC Address. Wild
card masks specify which octets are used and which octets are ignored.
A wild card mask of ff:ff:ff:ff:ff:ff indicates that no octet is important. A
wildcard of 00:00:00:00:00:00 indicates that all the octets are important.
For example, if the source MAC address 09:00:07:A9:B2:EB and the
wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd, and 5th octets of the MAC
address are checked, while the 2nd, 4th, and 6th octets are ignored.
• Destination MAC Address
-
MAC Address
— Matches the destination MAC address to which
packets are addressed to the ACE.
-
Wildcard Mask
— Indicates the destination MAC Address wild card
mask. Wildcards are used to mask all or part of a destination MAC
Address. Wild card masks specify which octets are used and which
octets are ignored. A wild card mask of ff:ff:ff:ff:ff:ff indicates that no
octet is important. A wildcard of 00:00:00:00:00:00 indicates that all the
octets are important. For example, if the destination IP address
09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd,
and 5th octets of the MAC address are checked, while the 2nd, 4th, and
6th octets are ignored.
• VLAN ID — Matches the packet’s VLAN ID to the ACE. The possible field values
are 1 to 4095.
• Inner VLAN — Matches the ACE to the inner VLAN ID of a double tagged
packet.
• 802.1p — Displays the packet tag value.
• 802.1p Mask — Displays the wildcard bits to be applied to the CoS.
• Ethertype — Displays the Ethernet type of the packet.
• Action — Indicates the ACL forwarding action. The possible field values are:
-
Permit —
Forwards packets which meet the ACL criteria.
-
Deny —
Drops packets which meet the ACL criteria.
-
Shutdown —
Drops packet that meet the ACL criteria, and disables the
port to which the packet was addressed.
To Next Page
Loading...
Need help?
General