Manuals / Dell / Computer Equipment / Computer Accessories

Dell 6200 SERIES manual Configuring a MAC ACL

Models: 6200 SERIES

1 176
Download 176 pages 5.47 Kb
Page 116
Image 116

Step 1: Create an ACL and Define an ACL Rule

This command creates an ACL named list1 and configures a rule for the ACL. After the mask has been applied, it permits packets carrying TCP traffic that matches the specified Source IP address, and sends these packets to the specified Destination IP address.

console#config

console(config)#access-list list1 permit tcp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.0

Step 2: Define the Second Rule for ACL 179

Define the rule to set similar conditions for UDP traffic as for TCP traffic.

console(config)#access-list list1 permit udp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.255

console(config)#exit

Step 3: Apply the Rule to Outbound (Egress) Traffic on Port 1/g2

Only traffic matching the criteria will be accepted.

console(config)#interface ethernet 1/g2 console(config-if-1/g2)#ip access-group list1 out console(config-if-1/g2)#exit

Configuring a MAC ACL

The following steps configure a MAC ACL that denies traffic with any MAC address access to hosts with a MAC address of 00:11:22:33:XX:XX, where XX is any hexadecimal value (1-F). The log parameter specifies that the system should keep track of the number of times the rule is applied to traffic that meets the rule criteria. When a frame entering the port matches the rule, the rule hit counter increments. Every five minutes the ACL application checks the counter. If the counter indicates that the rule has been applied since the last time it was checked, the ACL application logs a message indicating which rule was applied and how many times it was hit during that time period.

The rule is applied to interface 1/g5 in the inbound direction and has a priority value of 6 (the lower the number, the higher the priority).

Step 1: Set up a MAC Access List

console#config

console(config)#mac access-list extended mac1 console(config)#exit

Step 2: Specify the MAC ACL Attributes

console(config-mac-access-list)#deny any 00:11:22:33:44:55 00:00:00:00:FF:FF log

Step 3: Configure a MAC Access Group

console(config)#interface ethernet 1/g5 console(config-if-1/g5)#mac access-group mac1 in 6

116

Device Security

Page 115 Page 117
Page 116
Image 116
Dell 6200 SERIES manual Configuring a MAC ACL
Page 115 Page 117