MAC filtering provides simple protection against unwanted network access.
It does not, however, protect against widespread attack types such as
"MAC spoofing".
Port security using ACL, starting in Layer 2
Policy-based security of ports using MAC address verification via ACL
Preliminary considerations:
This example describes how to protect a port on the barox switch using the physical
Ethernet address.
The ACL function works similarly to a network firewall. It evaluates policies and conditions
sequentially and, when a condition is met, triggers the associated profile and the related
actions. In this example, the condition checked is whether a specific MAC address (that is, a
specific terminal) is connected to a specific port of the switch. If this is not the case, the
port is to be switched off both administratively and physically (shutdown). The ACL can also
implement policies at higher network layers, for TCP/IP up to data flow control.
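The sequential evaluation described above can be modelled in a few lines. This is an added illustration, not barox configuration or firmware code: the `Ace` structure, the function names, the port number and the MAC addresses are constructed, and forwarding frames that match no entry is an assumption of the model.

```python
# Added illustration: a simplified model of first-match ACE evaluation.
# Names, port numbers and MAC addresses are constructed, not barox settings.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Ace:
    port: int                 # ingress port the entry applies to
    src_mac: Optional[str]    # None matches any source MAC
    action: str               # "permit" or "shutdown"

def normalize(mac: str) -> str:
    """Canonical form so 00-11-.. and 00:11:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def evaluate(acl: List[Ace], port: int, src_mac: str) -> str:
    """Return the action of the first entry that matches the frame."""
    mac = normalize(src_mac)
    for ace in acl:
        if ace.port != port:
            continue
        if ace.src_mac is None or normalize(ace.src_mac) == mac:
            return ace.action
    return "permit"  # assumption: frames matching no entry are forwarded

def port_states(acl, frames):
    """Replay (port, src_mac) frames; a shut-down port stays down."""
    down = set()
    for port, mac in frames:
        if port not in down and evaluate(acl, port, mac) == "shutdown":
            down.add(port)
    return down

ALLOWED = "00:11:22:33:44:55"          # constructed address of the terminal
ACL = [
    Ace(port=1, src_mac=ALLOWED, action="permit"),   # entry 1: known terminal
    Ace(port=1, src_mac=None, action="shutdown"),    # entry 2: anything else
]

if __name__ == "__main__":
    print(evaluate(ACL, 1, "00-11-22-33-44-55"))   # known terminal
    print(evaluate(ACL, 1, "66:77:88:99:aa:bb"))   # foreign device
    print(port_states(ACL, [(1, ALLOWED), (1, "66:77:88:99:aa:bb")]))
```

Entry order matters: placing the catch-all entry first would shut the port down for the known terminal as well. The match is on the source address alone, so the check identifies an address rather than a device, which is the MAC-spoofing limitation mentioned above.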
Configuration:
ACLs/ACEs are created in the menu "Access Control > Access Control List".
Click the "+" symbol to generate a new policy as follows:
barox Kommunikation