WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!
Solved
MAC Filtering
Posted on 2013-12-20
Hi Experts,
I hope you can help me with this. Im trying to set up MAC filtering on a powerconnect 5448
However when i apply my ACL to the port it blocks all traffic even from the device, who's mac should be allowed
As a result im guessing i've configured something wrong so hopefully someone can spot the mistake
Here is my understanding of the fields
Priority - Self explanatory
Action - Self explanatory
Source MAC - MAC of machine or device in question
MAC Wild Card Mask - 00:00:00:00:00:00 for a explicit mac address
VLAN - vlan of port and device
Ethertype - should be 0x0800 for all traffic?
The only one im uncertain on is the ethertype
I hope you can help me with this. Im trying to set up MAC filtering on a powerconnect 5448
However when i apply my ACL to the port it blocks all traffic even from the device, who's mac should be allowed
As a result im guessing i've configured something wrong so hopefully someone can spot the mistake
Here is my understanding of the fields
Priority - Self explanatory
Action - Self explanatory
Source MAC - MAC of machine or device in question
MAC Wild Card Mask - 00:00:00:00:00:00 for a explicit mac address
VLAN - vlan of port and device
Ethertype - should be 0x0800 for all traffic?
The only one im uncertain on is the ethertype
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
3
2
8 Comments
Ethernet II frame's "Type" field tells the OS what kind of data the frame carries
0x0800 means that the contents of the frame is an IPv4 packet
0x0800 means that the contents of the frame is an IPv4 packet
Can you please run and give us the output,
console# show mac access-lists
console# show mac access-lists YOUR-ACL-NAME
Here is the example configuration:
console(config)#mac access-list extended ALLOW
console(config-mac-access-
console(config-mac-access-
Then we apply on that specific interface
console(config)#mac access-group ALLOW in
console# show mac access-lists
console# show mac access-lists YOUR-ACL-NAME
Here is the example configuration:
console(config)#mac access-list extended ALLOW
console(config-mac-access-
console(config-mac-access-
Then we apply on that specific interface
console(config)#mac access-group ALLOW in
SWI..DP108# show access-lists
MAC access list SJones
permit host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806
SWI..DP108# show access-lists
MAC access list SJones
permit host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806
SWI..DP108# show access-lists SJones
MAC access list SJones
permit host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806
MAC access list SJones
permit host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806
SWI..DP108# show access-lists
MAC access list SJones
permit host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806
SWI..DP108# show access-lists SJones
MAC access list SJones
permit host b8:ca:3a:73:d6:24 any vlan 1 ethtype 0806
Active today
This is for a 6024, but might work on the 5448...
mac access-list ALLOW_PCS
permit aa:bb:cc:dd:ee:ff 00:00:00:00:00:00 any vlan 1
permit 00:11:22:33:44:55 00:00:00:00:00:00 any vlan 1
!
interface e1
service-acl input ALLOW_PCS
interface e2
service-acl input ALLOW_PCS
EtherType 0806 seems to be for Address Resolution Protocol (ARP)
Can you please remote "ethtype 0806" from the ACE.
Also please apply the ACL inbound to the interface.
Can you please remote "ethtype 0806" from the ACE.
Also please apply the ACL inbound to the interface.
Featured Post
With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
#Citrix #Netscaler #MSSQL #Load Balance
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"!
Step 1: Open a new google tab
Step 2: Go to the left hand upper corn…
Suggested Courses
Course of the Month8 days, 11 hours left to enroll
721 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.