MAC-based ACE
NOTE Each MAC-based rule consumes one TCAM rule. Note that TCAM allocation is performed in pairs: for the first ACE, 2 TCAM rules are allocated, and the second TCAM rule is allocated to the next ACE, and so forth.
To add rules (ACEs) to an ACL:
STEP 1 Click Access Control > Mac-Based ACE.
STEP 2 Select an ACL, and click Go. The ACEs in the ACL are listed.
STEP 3 Click Add.
STEP 4 Enter the parameters.
• ACL Name—Displays the name of the ACL to which an ACE is being added.
• Priority—Enter the priority of the ACE. ACEs with higher priority are processed first. One is the highest priority.
• Action—Select the action taken upon a match. The options are:
  - Permit—Forward packets that meet the ACE criteria.
  - Deny—Drop packets that meet the ACE criteria.
  - Shutdown—Drop packets that meet the ACE criteria, and disable the port from which the packets were received. Such ports can be reactivated from the Error Recovery Settings page.
• Logging—Select to enable logging of ACL flows that match the ACL rule.
• Time Range—Select to enable limiting the use of the ACL to a specific time range.
• Time Range Name—If Time Range is selected, select the time range to be used. Time ranges are defined in the System Time Configuration section.
• Destination MAC Address—Select Any if all destination addresses are acceptable or User defined to enter a destination address or a range of destination addresses.
• Destination MAC Address Value—Enter the MAC address to which the destination MAC address is to be matched and its mask (if relevant).
• Destination MAC Wildcard Mask—Enter the mask to define a range of MAC addresses. Note that this mask differs from masks used elsewhere, such as a subnet mask. Here, setting a bit to 1 indicates don't care and 0 indicates to mask that value.
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
Access Control
MAC-Based ACLs Creation
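The following added example (not taken from the Cisco guide or the switch firmware) models the Destination MAC Wildcard Mask and Priority fields described above, so a value/wildcard pair can be checked against test addresses before an ACE with a Deny or Shutdown action is applied. It assumes the first matching ACE in priority order decides the action; the `Ace` class, the function names and the sample addresses are constructed for illustration.

```python
import string
from dataclasses import dataclass

def mac_to_int(mac: str) -> int:
    """Parse aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff to a 48-bit int."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or not all(c in string.hexdigits for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def wildcard_match(mac: str, value: str, wildcard: str) -> bool:
    """Wildcard semantics from the field description: 1 = don't care, 0 = compare."""
    care = ~mac_to_int(wildcard) & 0xFFFFFFFFFFFF  # bits that must be equal
    return (mac_to_int(mac) & care) == (mac_to_int(value) & care)

@dataclass
class Ace:
    priority: int      # 1 is the highest priority
    action: str        # "permit", "deny" or "shutdown"
    dst_value: str     # Destination MAC Address Value
    dst_wildcard: str  # Destination MAC Wildcard Mask

def evaluate(aces, dst_mac):
    """Return the action of the first matching ACE in priority order, else None.
    First-match-wins is an assumption of this model."""
    for ace in sorted(aces, key=lambda a: a.priority):
        if wildcard_match(dst_mac, ace.dst_value, ace.dst_wildcard):
            return ace.action
    return None

# Constructed sample ACL; the addresses are made up for illustration.
SAMPLE_ACL = [
    Ace(20, "deny", "00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"),      # any destination
    Ace(10, "permit", "02:00:5e:00:00:00", "00:00:00:ff:ff:ff"),    # one 24-bit prefix
    Ace(5, "shutdown", "02:00:5e:00:00:99", "00:00:00:00:00:00"),   # one exact host
]

if __name__ == "__main__":
    for mac in ("02:00:5e:00:00:99", "02:00:5e:12:34:56", "02:11:22:33:44:55"):
        print(mac, "->", evaluate(SAMPLE_ACL, mac))
```

A wildcard of all ones matches every destination, which is why the catch-all entry in the sample carries the lowest priority.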