Configuring the Switch
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or
destination addresses. Select the address type (Any, Host, or MAC). If you select
“Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter
a base address and a hexadecimal bitmask for an address range. Set any other
required criteria, such as VID, Ethernet type, or packet format. Then click Add.
Figure 3-69 Configuring MAC ACLs
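An added example (not from the switch manual) that models how a base address plus bitmask selects frames, using the two rules from the CLI example on this page and constructed frames. It assumes a mask bit of 1 means "compare" and 0 means "ignore", which agrees with `vid 12 4095` matching only VLAN 12; first-match rule order and all function names are also assumptions.

```python
FULL48 = (1 << 48) - 1

def mac_to_int(mac):
    """Parse 'xx-xx-xx-xx-xx-xx' (the notation used on this page) to an int."""
    parts = mac.split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int("".join(parts), 16)

def masked_match(value, base, mask):
    # Assumption: mask bit 1 = compare this bit, 0 = ignore it.
    return (value & mask) == (base & mask)

ANY = (0, 0)                      # mask of all zeros ignores every bit

def host(mac):                    # exact match: every bit compared
    return (mac_to_int(mac), FULL48)

def mac_range(base, mask):        # "MAC" address type: base plus hex bitmask
    return (mac_to_int(base), mac_to_int(mask))

def evaluate(rules, frame):
    """Return the action of the first matching rule, or None if none match.
    First-match ordering is an assumption; the page does not say what the
    switch does with frames that match no rule."""
    src, dst = mac_to_int(frame["src"]), mac_to_int(frame["dst"])
    for action, r_src, r_dst, r_vid in rules:
        if (masked_match(src, *r_src) and masked_match(dst, *r_dst)
                and (r_vid is None or masked_match(frame["vid"], *r_vid))):
            return action
    return None

# The two rules from the page's CLI example.
PAGE_RULES = [
    ("permit", ANY, ANY, (12, 4095)),
    ("permit", host("00-10-b5-e9-52-79"), ANY, None),
]

# Constructed sample frames (not from the page).
FRAMES = [
    {"src": "00-aa-bb-cc-dd-01", "dst": "00-aa-bb-cc-dd-02", "vid": 12},
    {"src": "00-10-b5-e9-52-79", "dst": "00-aa-bb-cc-dd-02", "vid": 13},
    {"src": "00-aa-bb-cc-dd-01", "dst": "00-aa-bb-cc-dd-02", "vid": 13},
]

if __name__ == "__main__":
    for f in FRAMES:
        print(f, "->", evaluate(PAGE_RULES, f))
```

Under the stated mask assumption, `masked_match(13, 12, 4094)` is true: clearing a single mask bit widens the VID rule to cover VLAN 13 as well, so check each mask bit by bit before binding the ACL to a port.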
CLI – This example configures one permit rule for all source MAC addresses to
communicate with all destination MAC addresses on VLAN 12, and another permit
rule for the source MAC address 00-10-b5-e9-52-79 to communicate with all
destination MAC addresses.
Console(config-mac-acl)#permit any any vid 12 4095
Console(config-mac-acl)#permit host 00-10-b5-e9-52-79 any
Console(config-mac-acl)#
Binding a Port to an Access Control List
After configuring the Access Control Lists (ACLs), you can bind the ports that need to
filter traffic to the appropriate ACLs. You can assign one IP access list to any port.
Command Usage
• Each ACL can have up to 100 rules.
• This switch supports ACLs for ingress filtering only. However, you can only bind one IP
ACL to any port for ingress filtering. In other words, only one ACL can be bound to
an interface: the ingress IP ACL.