Adding Rules to a MAC-based ACL

To add rules (ACEs) to an ACL:

  1. Click Access Control > MAC Based ACE. The MAC Based ACE page opens.
  2. Select an ACL, and click Go. The ACEs in the ACL are listed.
  3. Click Add. The Add MAC Based ACE page opens.
  4. Enter the parameters.
    • ACL Name--Displays the name of the ACL to which an ACE is being added.
    • Priority--Enter the priority of the ACE. ACEs with higher priority are processed first. One is the highest priority.
    • Action--Select the action taken upon a match. The options are:
      • Permit--Forward packets that meet the ACE criteria.
      • Deny--Drop packets that meet the ACE criteria.
      • Shutdown--Drop packets that meet the ACE criteria, and disable the port from where the packets were received. Such ports can be reactivated from the Port Settings page.
    • Destination MAC Address--Select Any if all destination addresses are acceptable or User defined to enter a destination address or a range of destination addresses.
    • Destination MAC Address Value--Enter the MAC address to which the destination MAC address will be matched and its mask (if relevant).
    • Destination MAC Wildcard Mask--Enter the mask to define a range of MAC addresses. Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
    • Source MAC Address--Select Any if all source address are acceptable or User defined to enter a source address or range of source addresses.
    • Source MAC Address Value--Enter the MAC address to which the source MAC address will be matched and its mask (if relevant).
    • Source MAC Wildcard Mask--Enter the mask to define a range of MAC addresses.
    • VLAN ID--Enter the VLAN ID section of the VLAN tag to match.
    • 802.1p--Select Include to use 802.1p.
    • 802.1p Value--Enter the 802.1p value to be added to the VPT tag.
    • 802.1p Mask--Enter the wildcard mask to be applied to the VPT tag.
    • Ethertype--Enter the frame Ethertype to be matched.
  5. Click Apply. The MAC-based ACE is defined, and the Running Configuration file is updated.