Linksys SRW224P Switch User Manual


 
Chapter 5: Configuring the Switch through the Web Utility
Security
24-Port 10/100 + 2-Port Gigabit Switch with Webview and Power over Ethernet
MAC ACL
To configure a MAC ACL, do the following.
Specify the action (that is, Permit or Deny). Specify the source and/or destination addresses. Select the address
type (Any, Host, or MAC). If you select “Host,” enter a specific address (for example, 11-22-33-44-55-66). If you
select “MAC,” enter a base address and a hexadecimal bitmask for an address range. Set any other required
criteria, such as VID, Ethernet type, or packet format. Then click Add.
Action. An ACL can contain any combination of permit or deny rules.
Source/Destination Address Type. Use “Any” to include all possible addresses, “Host” to indicate a specific
MAC address, or “MAC” to specify an address range with the Address and Bitmask fields. (Options: Any, Host,
MAC; Default: Any)
Source/Destination MAC Address. Source or destination MAC address.
Source/Destination Bitmask. Hexadecimal mask for source or destination MAC address.
VID. VLAN ID. (Range: 1-4094)
Ethernet Type. This option can only be used to filter Ethernet II formatted packets. (Range: 0-65535) A detailed
listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP),
0806 (ARP), 8137 (IPX).
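The following Python model is an added example, not code from the manual or the switch firmware. It shows how a base address plus hexadecimal bitmask selects a range of MAC addresses and how that combines with the VID and Ethernet type criteria. The names `Rule`, `Frame` and `evaluate` are hypothetical. It assumes that 1 bits in the bitmask are compared and 0 bits are ignored, and that rules are checked in order with the first match deciding; the manual states neither, so `evaluate` returns `None` when no rule matches rather than guessing a default.

```python
import re
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}")
HOST_MASK = "ff-ff-ff-ff-ff-ff"  # a "Host" entry modeled as a range with every bit compared
Frame = namedtuple("Frame", "src dst vid ethertype")  # hypothetical frame summary

def mac_to_int(mac: str) -> int:
    """Parse the manual's xx-xx-xx-xx-xx-xx notation into a 48-bit integer."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"bad MAC address or bitmask: {mac!r}")
    return int(mac.replace("-", ""), 16)

@dataclass
class Rule:
    action: str                       # "permit" or "deny"
    src: Optional[str] = None         # None models address type "Any"
    src_mask: str = HOST_MASK
    dst: Optional[str] = None
    dst_mask: str = HOST_MASK
    vid: Optional[int] = None         # None = criterion not set
    ethertype: Optional[int] = None   # only meaningful for Ethernet II frames

def addr_matches(addr: str, base: Optional[str], mask: str) -> bool:
    # ASSUMPTION: 1 bits are compared, 0 bits ignored. Both sides are masked so
    # stray base bits outside the mask cannot silently make a rule unmatchable.
    m = mac_to_int(mask)
    return base is None or (mac_to_int(addr) & m) == (mac_to_int(base) & m)

def rule_matches(r: Rule, f: Frame) -> bool:
    return (addr_matches(f.src, r.src, r.src_mask)
            and addr_matches(f.dst, r.dst, r.dst_mask)
            and (r.vid is None or r.vid == f.vid)
            and (r.ethertype is None or r.ethertype == f.ethertype))

def evaluate(acl: list, f: Frame) -> Optional[str]:
    """ASSUMPTION: first matching rule wins; None means no rule matched."""
    return next((r.action for r in acl if rule_matches(r, f)), None)

# Constructed sample ACL: a 24-bit prefix range, one host, and Ethernet type filters.
SAMPLE_ACL = [
    Rule("deny", src="00-11-22-00-00-00", src_mask="ff-ff-ff-00-00-00", ethertype=0x8137),
    Rule("permit", src="11-22-33-44-55-66", vid=10),
    Rule("permit", src="00-11-22-00-00-00", src_mask="ff-ff-ff-00-00-00", ethertype=0x0800),
]
```

Running candidate rules through a model like this before entering them in the web utility helps catch a bitmask that covers more addresses than intended.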
NOTE: When configuring a MAC ACL that includes the rule "deny any any" for a specific VLAN, the following restrictions apply: Received unicast packets with unknown addresses are not flooded to all ports in the VLAN. All dynamically learned MAC addresses in the specified VLAN are flushed from the switch's MAC address table. Other rules in the MAC ACL allow only specific Host source or destination MAC addresses to be specified.
NOTE: MAC addresses specified in MAC ACLs will conflict with any user-defined static MAC addresses.
Figure 5-42: ACL Conf - Adding/Editing MAC ACL