Configure MAC ACL Policy Rules

Use this procedure to configure, edit, or delete MAC ACL policy rules.

  1. Choose from the following actions:
    • If you are in the process of configuring a new MAC ACL policy, select the ACL Settings tab and proceed to the next step.
    • If you want to add, edit, or delete a rule for an existing MAC ACL policy, go to Policies > Wireless Firewall > MAC ACL.

      Select adjacent to the target MAC ACL policy, then select the ACL Settings tab. Choose from the following actions:

      • To edit a MAC ACL policy rule, select adjacent to the rule you want to modify. Modify the rule in accordance with the steps in this procedure.
      • To delete a policy rule, select adjacent to the target rule.
      • To create a new rule for the policy, proceed to the next step.
  2. Select to create a new rule.
  3. Configure the Rule parameters as described in ACL Settings Rule Parameters.
    Table 1. ACL Settings Rule Parameters
    Parameter: Description
    Allow: Every MAC ACL firewall rule is made up of matching criteria rules. The Allow action defines what to do with the packet if it matches the specified criteria. The following actions are supported:
      • Deny: Instructs the firewall to prevent a packet from proceeding to its destination.
      • Permit: Instructs the firewall to allow a packet to proceed to its destination.
    VLAN ID: Enter a VLAN ID representative of the shared SSID each user employs to interoperate within the network (once authenticated by the local RADIUS server). The VLAN ID can be from 1 – 4094.
    Match 802.1P: Configures IP DSCP to 802.1p priority mapping for untagged frames. Set a value in the range 0 – 7.
    Source and Destination MAC: Enter both Source MAC and Destination MAC addresses. Access points use the source IP address and destination MAC address as basic matching criteria. Provide a subnet mask if using a mask.
    Actions: The following actions are supported:
      • Log: Events are logged for archive and analysis.
      • Mark: Modifies certain fields inside the packet and then permits the packet. Therefore, mark is an action with an implicit permit. The fields that can be marked are:
        • VLAN 802.1p priority.
        • DSCP bits in the IP header.
      • Mark, Log: Conducts both mark and log functions.
    Attribute to Mark: This parameter appears if Mark is selected for the Actions parameter. Select 8021p or dscp.
    Traffic Class: Select this parameter to enable filtering using traffic class. Specify a Traffic Class value in the range 1 – 10.
    Precedence: Specify a Precedence for this MAC firewall rule between 1 – 1500. Rules with lower precedence are always applied first to packets.
    Ether Type: An Ether type is a two-octet field within an Ethernet frame. It is used to indicate which protocol is encapsulated in the payload of an Ethernet frame. Specify an Ether Type. Options are:
      • Other
      • ipv4
      • arp
      • rarp
      • appletalk
      • aarp
      • mint
      • wisp
      • ipx
      • 802.1q
      • ipv6
    Ether Value: This parameter appears if Other is selected for the Ether Type parameter. Enter an Ether Value in the range 1 – 5,535.
    Description: Provide a Description (up to 64 characters) for the rule to help differentiate it from others with similar configurations.
  4. Select Add to add the rule.
  5. Optionally, repeat the steps in this procedure to add more policy rules.
  6. Choose from the following actions:
    1. Select Apply to commit the configured settings.
      Note

      This does not save the settings you configured; it provides a preview of your applied settings. To undo the settings you applied, select Revert.
    2. Select Save to commit and save the configured settings.
      Note

      If you do not select Save, the settings that you configured are not saved when you move away from the configuration window.
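
The following Python sketch is an added illustration, not vendor code. It models how a rule set built with this procedure is evaluated so that precedence ordering can be checked before the rules are saved. The `Rule` class and the helper names are hypothetical, and three behaviours are assumptions: the first matching rule decides the outcome, a frame that matches no rule is denied, and a mask bit set to 1 means that address bit must match.

```python
from dataclasses import dataclass
from typing import Optional

ANY = ("00:00:00:00:00:00", "00:00:00:00:00:00")  # all-zero mask: match any MAC

def mac_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

@dataclass
class Rule:
    precedence: int                   # 1-1500 per the table; lower is applied first
    action: str                       # "permit" or "deny"
    src: tuple = ANY                  # (address, mask)
    dst: tuple = ANY
    vlan: Optional[int] = None        # 1-4094 per the table; None = not matched on
    ether_type: Optional[str] = None  # e.g. "ipv4", "arp"; None = not matched on
    description: str = ""

def validate(rule):
    """Return a list of range violations, using the limits from the table."""
    errors = []
    if rule.action not in ("permit", "deny"):
        errors.append("action must be permit or deny")
    if not 1 <= rule.precedence <= 1500:
        errors.append("precedence out of range 1-1500")
    if rule.vlan is not None and not 1 <= rule.vlan <= 4094:
        errors.append("VLAN ID out of range 1-4094")
    if len(rule.description) > 64:
        errors.append("description longer than 64 characters")
    return errors

def matches(rule, frame):
    for (addr, mask), seen in ((rule.src, frame["src"]), (rule.dst, frame["dst"])):
        m = mac_int(mask)
        if (mac_int(seen) & m) != (mac_int(addr) & m):
            return False
    return (rule.vlan in (None, frame["vlan"])
            and rule.ether_type in (None, frame["ether_type"]))

def evaluate(rules, frame):
    """First match in ascending precedence wins; no match is denied (assumption)."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        if matches(rule, frame):
            return rule.action, rule.precedence
    return "deny", None

# Constructed sample data: one client to block, and the same two rules in two orders.
HOST = ("00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff")
frame = {"src": HOST[0], "dst": "66:77:88:99:aa:bb", "vlan": 10, "ether_type": "ipv4"}
intended = [Rule(10, "deny", src=HOST), Rule(20, "permit", vlan=10, ether_type="ipv4")]
shadowed = [Rule(10, "permit", vlan=10, ether_type="ipv4"), Rule(20, "deny", src=HOST)]
```

With `intended`, the sample frame is denied by the rule at precedence 10. With `shadowed`, the broad permit at precedence 10 is applied first and the deny at precedence 20 is never reached for that client.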