Cisco 500 Series Administration Manual page 587

27
STEP 1
STEP 2
STEP 3
STEP 4
585
Click Access Control > Mac-Based ACE.
Select an ACL, and click Go. The ACEs in the ACL are listed.
Click Add.
Enter the parameters.
• ACL Name—Displays the name of the ACL to which an ACE is being added.
• Priority—Enter the priority of the ACE. ACEs with higher priority are
processed first. One is the highest priority.
• Action—Select the action taken upon a match. The options are:
Permit
- —Forward packets that meet the ACE criteria.
Deny
- —Drop packets that meet the ACE criteria.
Shutdown
- —Drop packets that meet the ACE criteria, and disable the port
from where the packets were received. Such ports can be reactivated
from the Port Settings page.
• Logging—Select to enable logging ACL flows that match the ACL rule.
• Time Range—Select to enable limiting the use of the ACL to a specific time
range.
• Time Range Name—If Time Range is selected, select the time range to be
used. Time ranges are defined in the
• Destination MAC Address—Select Any if all destination addresses are
acceptable or User defined to enter a destination address or a range of
destination addresses.
• Destination MAC Address Value—Enter the MAC address to which the
destination MAC address is to be matched and its mask (if relevant).
• Destination MAC Wildcard Mask—Enter the mask to define a range of MAC
addresses. Note that this mask is different than in other uses, such as subnet
mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask
that value.
Given a mask of 0000 0000 0000 0000 0000 0000 1111 1111 (which
NOTE
means that you match on the bits where there is 0 and don't match on the bits
where there are 1's). You need to translate the 1's to a decimal integer and you
write 0 for each four zeros. In this example since 1111 1111 = 255, the mask
would be written: as 0.0.0.255.
Configuring System Time
Cisco 500 Series Stackable Managed Switch Administration Guide
Access Control
MAC-based ACLs
section.