Case 1: ACL for MAC Address

For MAC address ACL (Access Control List), it can filter on source MAC address, destination MAC address, or both. When it filters on both MAC address, packets coincident with both rules will take effect. In other words, it does not do filter if it only coincident with one rule.

If you want to filter only one directional MAC address, the other MAC address just set to all zero. It means “don‘t care” portion. Besides MAC address, it also supports VLAN (Virtual LAN) and Ether type for filter additionally. Certain VLAN or Ether type under these MAC address will take effect. If you don‘t care VLAN or Ether type, you can just set to zero values.

Following are examples about the above table:

Case 1: (a)

You can set default ACL Rule of GE port as “Permit”, then to bind a suitable profile with “deny” action for ACL. It means GE port can pass through all packets but not ACL entry of the profile binding.

Case 1: (b)

This case acts as no ACL function. It means all frames will pass through.

Case 1: (c)

You can set default ACL Rule of GE port as “Permit”, then to bind a suitable profile with “Queue Mapping” action for some ACL function. It means GE port can do queue mapping 0~7 of the frame received from this port.

Case 1: (d)

You can set default ACL Rule of GE port as “Permit”, then to bind a suitable profile with “CoS (Class of Service) Marking” action for some ACL function. It means GE port can remark CoS of the VLAN frame received from this port.

Case 1: (e)

You can set default ACL Rule of GE port as “Permit”, then to bind a suitable profile with “Copy Frame” action for mirror analyzer used. It means the system will copy frames from binding GE Port to analyzer port.

Case 1: (f)

This case means all frames will not pass through.

Case 1: (g)

You can set default ACL Rule of GE port as “Deny”, then to bind a suitable profile with “Permit” action for ACL. It means GE port can not pass through all packets but ACL entry of the profile binding.

Case 1: (h)

Because the default ACL Rule of GE port is “Deny”, Queue Mapping action has no sense. We do not do this case.

Case 1: (i)

Because the default ACL Rule of GE port is “Deny”, CoS Marking action has no sense. We do not do this case.

Case 1: (j)

You can set default ACL Rule of GE port as “Deny”, then to bind a suitable profile with “Copy Frame” action for mirror analyzer used. It means the system will copy frames from binding GE Port to analyzer port. There is no frame received from the denied GE port but the mirror analyzer port.