Protection from unauthorized access
6.6 Access Control Lists (ACL)
Basic - L3P, Release 4.0, 11/07
Note: IP address masks in the rules of ACLs are inverse.
This means that if you want to mask a single IP address, you select the
network mask 0.0.0.0.
6.6.3 Description of MAC-based ACLs
While you use an ID number to identify IP-based ACLs, you use a unique
name of your choice to identify MAC-based ACLs.
MAC-based ACLs provide the following criteria for filtering:
- Source MAC address with masks or all sources (any)
- Destination MAC address or all destinations (any)
- Ethernet type
- VLAN ID
- VLAN priority (COS)
- Secondary VLAN ID
- Secondary VLAN priority
Note: If you are using MAC ACLs at ports which are located in the
HIPER-Ring or which participate in the Ring/network coupling, you add the
following rule to the ACLs:
- PERMIT
- Source MAC: ANY
- Destination MAC: 00:80:63:00:00:00
- Destination MAC mask: 01:00:00:ff:ff:ff
- CLI command in Config-mac-access mode:
  permit any 00:80:63:00:00:00 01:00:00:ff:ff:ff
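The following added example (not taken from the manual or the device firmware) evaluates inverse masks as described in the note on IP address masks and applies the same logic to the ring rule above, so you can check which destination addresses a rule covers before deploying it. It assumes that the MAC mask is inverse in the same way as the IP mask, which this page states only for IP masks; the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def parse_mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into a 48-bit integer."""
    octets = text.split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return int("".join(f"{int(o, 16):02x}" for o in octets), 16)


def inverse_match(value, rule_value, inverse_mask):
    """Bits set in an inverse mask are ignored; all other bits must be equal."""
    return (value ^ rule_value) & ~inverse_mask == 0


def ip_rule_matches(addr, rule_addr, inverse_mask):
    """Check an IPv4 address against a rule address and its inverse mask."""
    def to_int(a):
        return int(ipaddress.IPv4Address(a))
    return inverse_match(to_int(addr), to_int(rule_addr), to_int(inverse_mask))


def mac_rule_matches(mac, rule_mac, inverse_mask):
    """Check a MAC address against a rule address (assumption: inverse mask)."""
    return inverse_match(parse_mac(mac), parse_mac(rule_mac), parse_mac(inverse_mask))


# Destination MAC and mask of the ring rule from the note above.
RING_RULE = ("00:80:63:00:00:00", "01:00:00:ff:ff:ff")

# Constructed sample destination addresses, not captured traffic.
SAMPLES = [
    "01:80:63:12:34:56",  # differs only in masked bits
    "00:80:63:ab:cd:ef",  # differs only in masked bits
    "00:80:64:00:00:01",  # differs in the third octet, which is not masked
    "03:80:63:00:00:00",  # differs in an unmasked bit of the first octet
]


def evaluate(samples):
    """Return {mac: True/False} for the ring rule."""
    return {mac: mac_rule_matches(mac, *RING_RULE) for mac in samples}


if __name__ == "__main__":
    for mac, permitted in evaluate(SAMPLES).items():
        print(f"{mac}  {'matches rule' if permitted else 'no match'}")
```
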
Note: If you are using MAC ACLs at ports located in the MRP-Ring, you add
the following rule to the ACLs: