Configure EX3500 MAC ACL Policy Rules

Use this task to configure, edit, or delete EX3500 MAC ACL policy rules.

  1. Choose from the following actions:
    • If you are in the process of configuring a new MAC ACL policy, select the EX3500 MAC ACL tab and proceed to the next step.

    • If you want to add, edit, or delete a rule for an existing EX3500 MAC ACL policy, go to Policies > Wireless Firewall > MAC ACL.

      Select adjacent to the target MAC ACL policy, then select the EX3500 MAC ACL tab. Choose from the following actions:

      • To edit an EX3500 MAC ACL policy rule, select adjacent to the rule you want to modify. Modify the rule in accordance with the steps in this procedure.
      • To delete a policy rule, select adjacent to the target rule.
      • To create a new rule for the policy, proceed to the next step.
  2. Select to create a new rule.
  3. Configure the Rule parameters as described in EX3500 MAC ACL Rule Parameters.
    Table 1. EX3500 MAC ACL Rule Parameters
    Parameter Description
    Allow Every EX3500 MAC ACL firewall rule is made up of matching criteria rules. The Allow action defines what to do with the packet if it matches the specified criteria. The following actions are supported:
    • Deny: Instructs the firewall to prevent a packet from proceeding to its destination.
    • Permit: Instructs the firewall to allow a packet to proceed to its destination.
    VLAN ID Enter a VLAN ID (1 – 4094) that is representative of the shared SSID each user employs to interoperate within the network (once authenticated by the local RADIUS server).
    VLAN Mask Enter a VLAN ID bit mask value.
    Source and Destination MAC Enter both Source MAC and Destination MAC addresses. Access points use the source MAC address and destination MAC address as basic matching criteria. Provide a subnet mask if using a mask.
    Ether Type

    Specify an Ether Type. An Ether Type is a two-octet field within an Ethernet frame. It is used to indicate which protocol is encapsulated in the payload of an Ethernet frame. Select a value in the range 0 – 65535.

    This parameter is enabled by default. The default value is 1.
    Ether Mask Specify the Ether Mask. Select a value in the range 0 – 65535. This field is enabled by default. The default value is 1.
    Packet Type Identify the Packet Type. Options are:
    • All
    • Tagged-Eth2
    • Untagged-Eth2
    Time Range Select a Time Range during which this ACL is to be enabled. The time range must be predefined through CLI using the command ex3500 time-range <TIMERANGE-NAME>.
    Precedence Specify a Precedence for this MAC firewall rule. Enter a value in the range 1 – 5000. Rules with lower precedence values are always applied first to packets.
  4. Select Add to add the rule.
  5. Optionally, repeat the steps in this procedure to add more policy rules.
  6. Choose from the following actions:
    1. Select Apply to commit the configured settings.
      Note

      Note

      This does not save the settings you configured; it provides a preview of your applied settings. To undo the settings you applied, select Revert.
    2. Select Save to commit and save the configured settings.
      Note

      Note

      If you do not select Save, the settings that you configured are not saved when you move away from the configuration window.

9037761-04 Rev AA