Search
Search Menu

How to configure MAC ACL on Smart and L2 Managed switches using the new GUI

Configuration Guide
Updated 06-06-2018 03:44:41 AM 45759
This Article Applies to: 

This article applies to:

T1500G-10PS v2 or above, T1500G-8T v2 or above, T1500G-10MPS v2 or above, T1500-28PCT v3 or above, T1600G-52TS v3 or above, T1600G-52PS v3 or above, T1600G-28PS v3 or above, T1600G-28TS v3 or above, T1600G-18TS v2 or above, T1700X-16TS, T2600G-52TS v3 or above, T2600G-28TS v3 or above, T2600G-28MPS v3 or above, T2600G-28SQ v1 or above.

 

MAC ACL can be used to control packet transmission based on MAC addresses. In a simple scenario, the administrator can use MAC ACL to restrict the communication between different devices.

 

Example:

As the following topology shows, the Marketing department is connected under port 1 of the switch. It is required that the Marketing department cannot visit the FTP server, except the administrator.

Configuration Scheme:

In this scenario, MAC ACL is recommended to fulfill the requirement. We can only create several MAC ACL rules to permit the access of the administrator and deny the access of the other marketing department members.

1. Go to SECURITY > ACL > ACL Config page, create a MAC ACL 100 for the marketing department.

2.After the above step, the MAC ACL 100 will appear in the ACL Config table. Click to add ACL rules.

3.Click  to add MAC ACL rules.

4.Configure rule 5 to permit packets from the administrator host to the FTP server with the source MAC address 8C-DC-D4-40-A1-79 and destination MAC address 40-61-86-FC-71-56.

5.Configure rule 15 to deny other packets to the FTP server with destination MAC address 40-61-86-FC-71-56.

6.Configure rule 25 to permit all the other packets that match neither of the above rules.

7.Go to SECURITY > ACL > ACL Binding > Port Binding page, click to load the following page. Bind MAC ACL 100 to port 1 to make the ACL rules take effect.

Note:

Every ACL has an implicit “deny all” rule at the end of an ACL rule list. That is, if an ACL is applied to a packet and none of the explicit rules match, then the final implicit deny all rule takes effect and the packet is dropped.

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.

GO Other Option

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Livechat

__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager & Google Optimize

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au

Facebook

_fbp

Crazy Egg

cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs

Hotjar

OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>

Linkedin

lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or