Access Control
IPv4-based ACLs
STEP 5
IPv4-based ACLs
Cisco Small Business 300 Series Managed Switch Administration Guide
-
Shutdown—Drop packets that meet the ACE criteria, and disable the
port from where the packets were received. Such ports can be
reactivated from the Port Settings Page.
•
Destination MAC Address—Select Any if all destination addresses are
acceptable or User defined to enter a destination address or a range of
destination addresses.
•
Destination MAC Address Value—Enter the MAC address to which the
destination MAC address will be matched and its mask (if relevant).
•
Destination MAC Wildcard Mask—Enter the mask to define a range of MAC
addresses. Note that this mask is different than in other uses, such as subnet
mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask
that value. For example, the value: "FFFFFF000000" indicates that only the
first three bytes of the destination MAC address are used.
•
Source MAC Address—Select Any if all source address are acceptable or
User defined to enter a source address or range of source addresses.
•
Source MAC Address Value—Enter the MAC address to which the source
MAC address will be matched and its mask (if relevant).
•
Source MAC Wildcard Mask—Enter the mask to define a range of MAC
addresses.
•
VLAN ID—Enter the VLAN ID section of the VLAN tag to match.
•
802.1p—Select Include to use 802. 1 p.
•
802.1p Value—Enter the 802. 1 p value to be added to the VPT tag.
•
802.1p Mask—Enter the wildcard mask to be applied to the VPT tag.
•
Ethertype—Enter the frame Ethertype to be matched.
Click Apply. The Add MAC Based ACE is defined, and the switch is updated.
IPv4-based ACLs are used to check IPv4 packets, while other types of frames,
such as ARPs, are not checked.
17
236