Table 221: Mac Acl Rule Configuration Fields - D-Link DWS-4026 User Manual

D-Link Unified Access System
Field
MAC ACL
Rule
Rule ID
Action
Logging
Assign Queue ID
Match Every
Mirror Interface
CoS
Destination MAC Address
Destination MAC Mask
EtherType Key
Page 354 Configuring Access Control Lists

Table 221: MAC ACL Rule Configuration Fields

Description
Specifies an existing MAC ACL. To set up a new MAC ACL use the
Control Lists" page.
Select an existing Rule ID to modify or select Create Rule to configure a new ACL
Rule. Enter a whole number in the range of 1 to 12 that will be used to identify the rule.
New rules cannot be created if the maximum number of rules has been reached. For
each rule, a packet must match all the specified criteria in order to be true against that
rule and for the specified rule action (Permit/Deny) to take place.
This field is only available if you select Create Rule from the Rule field. Enter a new
Rule ID. After you click Submit, the new ID is created and you can configure the rule
settings. You can create up to 12 rules for each ACL.
Specify what action should be taken if a packet matches the rule's criteria:
• Permit: Forwards packets that meet the ACL criteria.
• Deny: Drops packets that meet the ACL criteria.
This field is only visible for a Deny Action. When set to True, logging is enabled for this
ACL rule (subject to resource availability in the device). If the Access List Trap Flag is
also enabled, this will cause periodic traps to be generated indicating the number of
times this rule went into effect during the current report interval. A fixed 5 minute report
interval is used for the entire system. A trap is not issued if the ACL rule hit count is
zero for the current interval.
This field is only visible when the Action is Permit. Specifies the hardware egress
queue identifier used to handle all packets matching this ACL rule. Click Configure,
and then enter an identifying number from 0 to 6 in the appropriate field. Click Submit
or Cancel to return to the Rule Configuration page.
Requires a packet to match the criteria of this ACL. Click Configure, and then select
True or False from the dropdown list. Then click Submit or Cancel to return to the Rule
Configuration page. Match Every is exclusive to the other filtering rules, so if Match
Every is True, the other rules on the screen do not appear. False indicates that it is not
mandatory for every packet to match the selected ACL Rule.
This field is only visible when the Action is Permit. Specifies the specific egress
interface where the matching traffic stream is copied in addition to being forwarded
normally by the device.
Specifies the 802.1p user priority to compare against an Ethernet frame. Requires a
packet's class of service (CoS) to match the CoS value listed here. Click Configure,
and then enter a CoS value between 0 and 7 to apply this criteria. Click Submit or
Cancel to return to the Rule Configuration page.
Requires an Ethernet frame's destination port MAC address to match the address
listed here. Click Configure, and then enter a MAC address in the appropriate field.
The valid format is xx_xx_xx_xx_xx_xx. The BPDU keyword may be specified using a
Destination MAC Address of 01:80:C2:xx:xx:xx. Click Submit or Cancel to return to
the Rule Configuration page.
If desired, enter the MAC Mask associated with the Destination MAC to match. The
MAC address mask specifies which bits in the destination MAC to compare against an
Ethernet frame. Use F's and zeros in the MAC mask, which is in a wildcard format. An
F means that the bit is not checked, and a zero in a bit position means that the data
must equal the value given for that bit. For example, if the MAC address is
aa_bb_cc_dd_ee_ff, and the mask is 00_00_ff_ff_ff_ff, all MAC addresses with
aa_bb_xx_xx_xx_xx result in a match (where x is any hexadecimal number). Click
Submit or Cancel to return to the Rule Configuration page.
Requires a packet's EtherType to match the EtherType you select. Click Configure,
and then select the EtherType value from the dropdown menu. If you select User
Value, you can enter a custom EtherType value.
Software User Manual
"MAC Access
Document 34CSFP6XXUWS-SWUM100-D7
12/10/09