Support

Community

Worldwide / English

TP-Link, Reliably Smart

Home
WiFi 6

WiFi 6E

HomeCare

HomeShield

OneMesh

AI-Driven Mesh
Mesh Wi-Fi

Wi-Fi for the whole home

Deco

Deco for ISP

Routers

Create a fast and reliable Wi-Fi

Wi-Fi Routers

Wi-Fi 6 Routers

Modems/ Gateways

Your doorway to the internet

DSL Modem Routers

Cable Modems & Routers

4G Wi-Fi Routers

Network Expansion

Easy ways to expand and enhance your network

Powerline Adapters

Range Extenders

Access Points

SOHO Switches

Keeping your home wired for quality connections

5-Port Switches

8-Port Switches

16-Port Switches

Mobile Wi-Fi

WiFi on the go

MiFi

4G+ MiFi

Adapters

Equip your devices for a faster Wi-Fi

USB Adapters

High Gain Adapters

High Power Adapters

PCIe Adapters

Accessories

Everything else you need for a connected lifestyle

USB Hubs & Converters

Charging

Print Servers

Bluetooth Music Receivers

Antennas
Smart Home
Kasa Smart Home

Tapo Smart
Home Security

Keeping an eye on what matters

Smart Plugs

Smarten up your home devices

Smart Bulbs

Light for every occasion

Smart Switches

More than just on and off
Business
Business

Community

Solutions

Case Studies

Configuration Guides

Network Deployment Advisor
Omada Cloud SDN

The smarter cloud solution for business networking

What is Omada?

Controllers

Access Points

Switches

Routers

All Products

Switches

High-Speed wired networking from L3 managed to unmanaged

PoE Switches

Managed Switches

Smart Switches

Easy Smart Switches

Unmanaged Switches

LiteWave Unmanaged Switches

Accessories

Omada Access Points

Professional business Wi-Fi with centralized management

WiFi 6 APs

Ceiling Mount APs

Outdoor APs

Wall Plate APs

Pharos Wireless Broadband

Ideal for long range wireless broadband networking

Outdoor Radio

Antennas and Accessories

Business Router

Secure VPN and Load Balance gateways to the business

VPN Routers

Load Balance Routers

VIGI Surveillance

VIGI video surveillance is dedicated to your security

VIGI Network Camera

VIGI Network Video Recorder

VIGI Management Software
Service Provider
Service Provider

Agile Solutions

ISP Tools
Wi-Fi Routers

The reliable choice for home networking

Whole-Home Mesh

A seamless, intelligent and easy-to-configure mesh network

Deco Cloud Management

VDSL

Capable of high-speed network and integrated broadband applications

GPON

The leading technology for delivering gigabit Internet services

LTE

Maintains internet access wherever you go.

LTE Router

LTE MiFi

How to configure MAC ACL on Smart and L2 Managed switches using the new GUI

Configuration Guide

Updated 06-06-2018 03:44:41 AM

14411

This Article Applies to:

This article applies to:

T1500G-10PS v2 or above, T1500G-8T v2 or above, T1500G-10MPS v2 or above, T1500-28PCT v3 or above, T1600G-52TS v3 or above, T1600G-52PS v3 or above, T1600G-28PS v3 or above, T1600G-28TS v3 or above, T1600G-18TS v2 or above, T1700X-16TS, T2600G-52TS v3 or above, T2600G-28TS v3 or above, T2600G-28MPS v3 or above, T2600G-28SQ v1 or above.

MAC ACL can be used to control packet transmission based on MAC addresses. In a simple scenario, the administrator can use MAC ACL to restrict the communication between different devices.

Example:

As the following topology shows, the Marketing department is connected under port 1 of the switch. It is required that the Marketing department cannot visit the FTP server, except the administrator.

Configuration Scheme:

In this scenario, MAC ACL is recommended to fulfill the requirement. We can only create several MAC ACL rules to permit the access of the administrator and deny the access of the other marketing department members.

1. Go to SECURITY > ACL > ACL Config page, create a MAC ACL 100 for the marketing department.

2.After the above step, the MAC ACL 100 will appear in the ACL Config table. Click to add ACL rules.

3.Click to add MAC ACL rules.

4.Configure rule 5 to permit packets from the administrator host to the FTP server with the source MAC address 8C-DC-D4-40-A1-79 and destination MAC address 40-61-86-FC-71-56.

5.Configure rule 15 to deny other packets to the FTP server with destination MAC address 40-61-86-FC-71-56.

6.Configure rule 25 to permit all the other packets that match neither of the above rules.

7.Go to SECURITY > ACL > ACL Binding > Port Binding page, click to load the following page. Bind MAC ACL 100 to port 1 to make the ACL rules take effect.

Note:

Every ACL has an implicit “deny all” rule at the end of an ACL rule list. That is, if an ACL is applied to a packet and none of the explicit rules match, then the final implicit deny all rule takes effect and the packet is dropped.

Is this faq useful?
Your feedback helps improve this site.

From United States?

Check products and services for your region.

Go Other Option