7.
Select the address type (Any, Host, or MAC).
8.
If you select "Host, " enter a specific address (e.g., 11-22-33-44-55-66). If you
select "MAC, " enter a base address and a hexadecimal bit mask for an address
range.
9.
Set any other required criteria, such as VID, Ethernet type, or packet format.
10.
Click Apply.
Figure 204: Configuring a MAC ACL
Configuring an
Use the Security > ACL (Configure ACL - Add Rule - ARP) page to configure ACLs
based on ARP message addresses. ARP Inspection can then use these ACLs to filter
ARP ACL
suspicious traffic (see
page
Parameters
These parameters are displayed:
◆
Type – Selects the type of ACLs to show in the Name list.
◆
Name – Shows the names of ACLs matching the selected type.
◆
Action – An ACL can contain any combination of permit or deny rules.
◆
Packet Type – Indicates an ARP request, ARP response, or either type.
(Range: IP, Request, Response; Default: IP)
"Configuring Global Settings for ARP Inspection" on
342).
– 335 –
Chapter 12
| Security Measures
Access Control Lists