3 Configuring the Switch

Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range. Set any other required criteria, such as VID, Ethernet type, or packet format. Then click Add.

Figure 3-69 Configuring MAC ACLs

CLI – This example configures one permit rule that allows all source MAC addresses to communicate with all destination MAC addresses on VLAN 12, and another permit rule that allows one source MAC address (host 00-10-b5-e9-52-79) to communicate with all destination MAC addresses.

Console(config-mac-acl)#permit any any vid 12 4095

Console(config-mac-acl)#permit host 00-10-b5-e9-52-79 any

Console(config-mac-acl)#
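The following sketch is an added example, not code from the manual or the switch firmware; it evaluates the two rules shown above against sample frames to make the base-address/bitmask matching concrete. It assumes that a 1 bit in a bitmask means "must match", that rules are checked in order with the first match deciding, and that a MAC range is written as a base address followed by a bitmask in the same xx-xx-xx-xx-xx-xx form; none of these is stated on this page, and all function names are hypothetical.

```python
# Added illustration. Assumptions: mask bit 1 = compare, 0 = ignore;
# first matching rule wins; no default action is modelled (None = no match).
FULL = 0xFFFFFFFFFFFF

def mac_to_int(mac):
    """Convert 'xx-xx-xx-xx-xx-xx' to a 48-bit integer."""
    parts = mac.split("-")
    if len(parts) != 6:
        raise ValueError("bad MAC address: %r" % mac)
    return int("".join(parts), 16)

def parse_addr(tokens):
    """Consume 'any', 'host <mac>' or '<base> <bitmask>' -> (base, mask)."""
    kind = tokens.pop(0)
    if kind == "any":
        return (0, 0)                      # mask 0 ignores every bit
    if kind == "host":
        return (mac_to_int(tokens.pop(0)), FULL)
    return (mac_to_int(kind), mac_to_int(tokens.pop(0)))

def parse_rule(line):
    """Parse '<permit|deny> <src> <dst> [vid <vid> <vid-bitmask>]'."""
    tokens = line.split()
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: %r" % action)
    src, dst = parse_addr(tokens), parse_addr(tokens)
    vid = (0, 0)                           # no VID criterion: any VLAN
    if tokens and tokens[0] == "vid":
        vid = (int(tokens[1]), int(tokens[2]))   # decimal, as in the CLI
    return action, src, dst, vid

def masked_eq(value, spec):
    base, mask = spec
    return (value & mask) == (base & mask)

def evaluate(rules, src_mac, dst_mac, vid):
    """Return the action of the first matching rule, or None."""
    s, d = mac_to_int(src_mac), mac_to_int(dst_mac)
    for action, src, dst, rvid in rules:
        if masked_eq(s, src) and masked_eq(d, dst) and masked_eq(vid, rvid):
            return action
    return None

# The two rules from the CLI example above, copied verbatim.
RULES = [parse_rule(r) for r in (
    "permit any any vid 12 4095",
    "permit host 00-10-b5-e9-52-79 any",
)]
```

With a VID bitmask of 4095 (0xFFF) every VID bit is compared, so only VLAN 12 matches the first rule; a frame from any other host on another VLAN matches neither rule.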

Binding a Port to an Access Control List

After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list to any port.

Command Usage

Each ACL can have up to 100 rules.

This switch supports ACLs for ingress filtering only. However, you can bind only one IP ACL to any port for ingress filtering. In other words, only one ACL can be bound to an interface: an ingress IP ACL.

Accton Technology ES3528M-SFP manual Binding a Port to an Access Control List, 146