60
C
4: M
HAPTER
ANAGING
D
S
EVICE
ECURITY
Add Rules to ACL
Priority — Indicates the ACE priority, which determines which ACE is
■
matched to a packet on a first-match basis. The possible field values
are 1-2147483647.
Source MAC Address — Matches the source MAC address to which
■
packets are addressed to the ACE.
Source Mask — Indicates the source MAC Address wildcard mask.
■
Wildcards are used to mask all or part of a source MAC address.
Wildcard masks specify which bits are used and which are ignored. A
wildcard mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A
wildcard of 00.00.00.00.00.00.00 indicates that all bits are important.
For example, if the source MAC address is 00:AB:22:11:33:00 and the
wildcard mask is 00:00:00:00:00:FF, the first five bytes of the MAC are
used, while the last byte is ignored. For the source MAC address
00:AB:22:11:33:00, this wildcard mask matches all MAC addresses in
the range 00:AB:22:11:33:00 to 00:AB:22:11:33:FF.
Destination MAC Address — Matches the destination MAC address
■
to which packets are addressed to the ACE.
Destination Mask — Indicates the destination MAC Address
■
wildcard mask. Wildcards are used to mask all or part of a destination
MAC address. Wildcard masks specify which bits are used and which
are ignored. A wildcard mask of FF:FF:FF:FF:FF:FF indicates that no bit
is important. A wildcard mask of 00.00.00.00.00.00 indicates that all
bits are important. For example, if the destination MAC address is
00:AB:22:11:33:00 and the wildcard mask is 00:00:00:00:00:FF, the
first five bytes of the MAC are used, while the last byte is ignored. For
the destination MAC address 00:AB:22:11:33:00, this wildcard mask
matches all MAC addresses in the range 00:AB:22:11:33:00 to
00:AB:22:11:33:FF.
VLAN ID — Matches the packet's VLAN ID to the ACE. The possible
■
field values are 1 to 4093.
CoS — Classifies traffic based on the CoS tag value.
■
CoS Mask — Defines the CoS mask used to classify network traffic.
■
Ethertype — Provides an identifier that differentiates between
■
various types of protocols.
Action — Indicates the ACL forwarding action. In addition, the port
■
can be shut down, a trap can be sent to the network administrator, or