Description Of Mac-Based Acls - Hirschmann MACH 4000 User Manual

Protection from unauthorized access
Note: IP address masks in the rules of ACLs are inverse.
This means that if you want to mask a single IP address, you select the net-
work mask 0.0.0.0.

6.6.3 Description of MAC-based ACLs

While you use an ID number to identify IP-based ACLs, you use a unique
name of your choice to identify MAC-based ACLs.
MAC-based ACLs provide the following criteria for filtering:
Source MAC address with masks or all sources (any)
Destination MAC address or all destinations (any)
Ethernet type
VLAN ID
VLAN priority (COS)
Secondary VLAN ID
Secondary VLAN priority
Note: If you are using MAC ACLs at ports which are located in the HIPER-
Ring or which participate in the Ring/network coupling, you add the following
rule to the ACLs:
PERMIT
Source MAC: ANY
Destination MAC: 00:80:63:00:00:00
Destination MAC mask: 01:00:00:ff:ff:ff
CLI command in Config-mac-access mode:
permit any 00:80:63:00:00:00 01:00:00:ff:ff:ff
Note: If you are using MAC ACLs at ports located in the MRP-Ring, you add
the following rule to the ACLs:
20
6.6 Access Control Lists (ACL).
Basic - L3P
Release 4.0 11/07