How to configure MAC ACL on Smart/Managed switch?

Introduction:

MAC ACL,also known as MAC filter, provides customers with the accesses to allow/block devices with specific MAC address to connect the network.

Note: The configurations described in this document are based on the cleared (default) devices. If your network is live, please be aware of the potential impact of any configuration.

Application scenario:

Only PC A can communicate with PC B while other PCs cannot get through any ports of the switch. In this article, we take TL-SG2216 v2 as example, other smart/managed switches have the similar configurations.

Configuration

Step 1: Create MAC ACL

1.Click the “ACL”--“ACL Config” in the left bar.

2.Then click “ACL Create” to create a ACL ID (0-99 for MAC ACL), here we take ID 11 as example; click “Create” to save; the same steps to create another two ACL ID 12 and 13.

3.Click “MAC ACL” to create MAC rule. Choose the ACL ID 11 created in the last step, and fill a Rule ID for MAC rule (the ID can be same as ACL ID); choose “Permit” for the “Operation”; click S-MAC and D-MAC and fill the blank with the MAC addresses as shown in the picture below. Click “Create” to save.

Note: you can use Mask to add the devices with serial MAC address.

4.Choose ACL ID 12, and fill the Rule ID with 12 as well; choose “Permit” for the Operation; click S-MAC and D-MAC and fill the blank with the MAC addresses as shown in the picture below. Click “Create” to save.

Note: Be careful that the S-MAC and D-MAC is inversed, that is to say we have to create two permit rules to allow the two-way data flows.

5.Choose ACL ID 13 and fill the Rule ID with 13; choose “Deny” for Operation; leave the S-MAC and D-MAC unselected as shown in the picture below; click “Create” to save.

Note: the unselected S-MAC and D-MAC mean all the devices’ MAC.

Step2: Policy config

1.Click “ACL”--“Policy Config” in the left bar.

2.Click “Policy Create”, fill the “Policy Name”, here we take 11 as example; click “Create” to save. Same steps to create another two policy name 12 and 13.

3.Click “Action Create” to bind the policy and the ACL rule. Select the policies and the ACL rules correspondingly to binding the three policies and three ACL rules respectively; Click “Create” to save.

Step 3: Policy Binding

1.Click “ACL”--”Policy Binding” in the left bar.

2.Click “Port Binding” to bind the policies with the ports. Select policy 11 and fill the “Port” blank with 1-16 to bind the policy with all the ports; click the “Bind” to save. Same steps to bind another two policies and the ports respectively.

Note: You can also bind the policy with specific ports according to your application scenario.

3.After binding all the policies with the ports, you can click “Binding Table” to check the bindings.

Note: The smaller “Index” respects higher priority, and the “Index” is decided by the binding order of the policies. In the application shown in this document, we should bind the permit policies before the deny policy to make them have higher priority.

If you just want to block a specific device connected to the switch to communicate with other devices, simply creating a Deny rule--bind with a policy--apply the policy to specific ports is OK, since the switch permits all the devices as default.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.