Foundry Networks Switch and Router Installation And Configuration Manual page 323

16. Select the port (and slot, if applicable) for which you are configuring the filter group. You can configure one
MAC filter group on each port.
17. Enter the filter numbers in the Filter ID List field. Separate each filter number from the next one by a single
space. The software applies the filters in the order you list them, from left to right. When a packet matches a
filter, the software stops comparing the packet against the filter list and applies the action specified in the
matching filter.
18. Click the Add button to save the filter to the device's running-config file.
19. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device's flash memory.
Enabling Logging of Packets Denied by MAC Filters
You can configure the Foundry device to generate Syslog entries and SNMP traps for packets that are denied by
Layer 2 MAC filters. You can enable logging of denied packets on a global basis or an individual port basis.
See Example 4 in the "show logging" section in the "Show Commands" chapter of the Foundry Switch and Router
Command Line Interface Reference for a description of how the timer for the entries works. Layer 2 MAC filters
and IP access policies use the same timer, whereas Access Control Lists (ACLs) use a separate timer, but the
timers work the same way. Thus, the description of how the ACL timer works also applies to the Layer 2 MAC
filters and IP access policies.
USING THE CLI
To configure Layer 2 MAC filter logging globally, enter the following CLI commands at the global CONFIG level:
BigIron(config)# mac filter log_en
BigIron(config)# write memory
Syntax: [no] mac filter log_en
To configure Layer 2 MAC filter logging for MAC filters applied to ports 1/1 and 3/3, enter the following CLI
commands:
BigIron(config)# int ethernet 1/1
BigIron(config-if-1/1)# mac filter-group log_en
BigIron(config-if-1/1)# int ethernet 3/3
BigIron(config-if-3/3)# mac filter-group log_en
BigIron(config-if-3/3)# write memory
Syntax: [no] mac filter-group log_en
USING THE WEB MANAGEMENT INTERFACE
You cannot configure a Layer 2 MAC filter to generate Syslog entries and SNMP traps for denied packets using
the Web management interface.
December 2000
Configuring Basic Features
10 - 65