Example - Denying Traffic From Any Mac Address; Example - Denying Dot1Q Tagged Traffic; Example - Denying Traffic Between Two Mac Based Hosts - Motorola RFS7000 Reference Manual
Rfs series wireless lan switches
Hide thumbs
Also See for RFS7000:
- Reference manual (588 pages) ,
- System reference manual (466 pages) ,
- Troubleshooting manual (60 pages)
Table of Contents
Advertisement
16-6
Motorola RF Switch CLI Reference Guide
By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt
an access port through an interface, configure an access control list to allow an ethernet
wisp.
The last ACE in the access list is an implict deny statement.
Whenever the interface receives the packet, its content is checked against all the ACEs in
the ACL. It is allowed/denied based on the ACL configuration.
16.1.2.1 Example - Denying Traffic from any MAC Address
The MAC ACL (in the example below) denies traffic from any source MAC address to a
particular host MAC address:
RFSwitch(config-ext-macl)#deny any host 00:01:ae:00:22:11
RFSwitch(config-ext-macl)#
16.1.2.2 Example - Denying dot1q Tagged Traffic
The MAC ACL (in the example below) denies dot1q tagged traffic from VLAN interface 5:
RFSwitch(config-ext-macl)#deny any any vlan 5 type 8021q
RFSwitch(config-ext-macl)#
16.1.2.3 Example - Denying Traffic Between Two MAC Based Hosts
The example below denies traffic between two hosts based on MAC addresses:
RFSwitch(config-ext-macl)#deny host 01:02:fe:45:76:89 host
01:02:89:78:78:45
RFSwitch(config-ext-macl)#
NOTE: A MAC access list entry to allow arp is mandatory to apply an IP
based ACL to an interface. MAC ACL always takes precedence over IP
based ACL's.
Advertisement
Table of Contents
