Deploy Layer 2 ACLs for Access Control
Scenario Description
As shown in the figure, ACL Management accesses Switch A through 10.0.0.1. The MAC address of Server A is 00E0-FC01-0303.
Deploy a Layer 2 ACL to Switch A that denies PC 1 access to Server A from 08:00 to 18:00 on working days.

Network diagram
Scenario Analysis
To deny PC 1 access to Server A, deploy a Layer 2 ACL to Ethernet 1/0/1 of Switch A. The Layer 2 ACL discards frames with source MAC address 0015-E9AC-BB5B and destination MAC address 00E0-FC01-0303.
Operation Procedure
- Add the device to the system platform.
Click Add Device in the My Shortcut tree. Type 10.0.0.1 (IP address of Switch A) in the Host Name/IP text box.
- Add ACL resource.
a. Select the Service tab, select ACL Management and click ACL Resource in the navigation tree, click Add and then click Common ACL Resource to enter the ACL Resource page.
b. Select Link for ACL Type, type the ACL identifier 4001 and enter the ACL resource name Deny Host Worktime, then click OK.
- Add ACL rule set.
a. In the ACL Resource page, click the 4001 identifier link.
b. Click Add. Enter the basic information, select Configure ACL Rules with Time Range, and then click Next.
c. Click Add. Set the name to workTime and click Add.
d. Set the type to Cyclic, set the period to Workday, set the start time to 08:00, set the end time to 18:00, and then click OK.
e. Click OK. Click Next.
f. Click Add to enter the Add Rule page. Set the action to deny, set the time range to workTime, select MAC Address/Mask in the Source MAC Addr area and type 0015-E9AC-BB5B/FFFF-FFFF-FFFF, select MAC Address/Mask in the Destination MAC Addr area and type 00E0-FC01-0303/FFFF-FFFF-FFFF, and finally click OK.
g. Click Finish.
- Access ACL Devices.
a. Select the Service tab, select ACL Management and click ACL Devices in the navigation tree to show the ACL device list. Click the ACL Config link of Switch A to enter the ACL configuration page of Switch A.
- Add ACL definition.
a. Select the ACL Definitions tab and click Add. Select 4001 and the rule set you have just added, and then click Next.
b. Click Deploy. Set the task name to setRule4, set the deployment order to Serial, set the error handling mechanism to Stop all deployments when error occurs, set the execution time to Immediately, and then click OK.
- Add ACL use.
a. Select the ACL Uses tab and click Add. Set the service type to Packet Filter, and then click Next.
b. Set the filter direction to inbound, select Ethernet1/0/1, and then click Next.
c. Select 4001 and click OK.
d. Set the task name to addApp4, set the deployment order to Serial, set the error handling mechanism to Stop all deployments when error occurs, set the execution time to Immediately, and then click OK.
Precautions
- MAC address masks are used in ACL Management while inverse masks are used on devices.
- After the deployment, you can view the result in the task list. Only Succeeded indicates the deployment is successful.
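
The deny rule from step f and the workTime range, modeled in Python so the expected match behaviour can be checked against test frames after deployment. This is an added example, not part of ACL Management: the function names are illustrative, and it assumes Workday means Monday to Friday and that the range includes 08:00 and excludes 18:00. `inverse_mask` shows the complement relationship between a mask and the inverse mask mentioned under Precautions.

```python
from datetime import datetime

FULL = 0xFFFFFFFFFFFF  # 48 bits

def parse_mac(text):
    """Dashed notation used on this page (00E0-FC01-0303) -> 48-bit int."""
    digits = text.replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return int(digits, 16)

def format_mac(value):
    digits = f"{value:012X}"
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))

def inverse_mask(mask):
    """Bitwise complement of a mask, e.g. FFFF-FFFF-FFFF -> 0000-0000-0000."""
    return format_mac(parse_mac(mask) ^ FULL)

def mac_matches(mac, pattern):
    """pattern is ADDRESS/MASK; mask bits set to 1 must match, 0 bits are ignored."""
    addr, mask = (parse_mac(part) for part in pattern.split("/"))
    return (parse_mac(mac) & mask) == (addr & mask)

def in_work_time(ts):
    """workTime: Cyclic, Workday, 08:00 to 18:00.
    Assumptions: Workday is Monday to Friday; start inclusive, end exclusive."""
    minutes = ts.hour * 60 + ts.minute
    return ts.weekday() < 5 and 8 * 60 <= minutes < 18 * 60

# The deny rule from step f, with masks as typed into ACL Management.
RULE = {"action": "deny",
        "src": "0015-E9AC-BB5B/FFFF-FFFF-FFFF",
        "dst": "00E0-FC01-0303/FFFF-FFFF-FFFF"}

def evaluate(src_mac, dst_mac, ts, rule=RULE):
    """Rule action if the frame matches during workTime, else 'no-match'."""
    hit = (in_work_time(ts) and mac_matches(src_mac, rule["src"])
           and mac_matches(dst_mac, rule["dst"]))
    return rule["action"] if hit else "no-match"

if __name__ == "__main__":
    # Constructed test frames; 2024-03-04 is a Monday, 2024-03-09 a Saturday.
    pc1, server_a = "0015-E9AC-BB5B", "00E0-FC01-0303"
    for ts in (datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 18, 0),
               datetime(2024, 3, 9, 9, 0)):
        print(ts, evaluate(pc1, server_a, ts))
    print("inverse of FFFF-FFFF-FFFF:", inverse_mask("FFFF-FFFF-FFFF"))
```

A "no-match" result means only that this rule did not apply; what happens to the frame then depends on the rest of the ACL and the device's packet filter settings.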