Allow Specific Host

The Allow Specific Host ACL allows only the specified host(s) to access the network.

Note: The user can further constrain this ACL by combining it with Sticky MAC or Static MAC to ensure the MAC/IP binding.
A Bound SRC IP defined with /32 indicates that ONLY that address is allowed.
This ACL is only valid if it is on a Default Deny VLAN or has an ACL profile with a Deny Any MAC.

EMS Allow Specific Host Procedure

  1. Open a Panorama PON (EMS) session, click on the Profile icon button and the ACL tab.
  2. Select the EMS ACL Create a New Rule icon and name the ACL profile Allow Specific Host-1.
  3. Click on the Create Rule button and perform the following steps:

Step 1: Enter "Allow Specific Host" in the Rule Name: entry box

Step 2: Select "Basic ACL" from the ACL Type: dropdown

Step 3: Select "Permit" from the Action: dropdown

Step 4: Select "Any Mac(s)" from the SourceMAC(s): dropdown

Step 5: Click on the Add button to add the MAC address and bit count to the Source Mac(s) window

Step 6: Select the MAC address entry in the Source Mac(s) window

Step 7: Enter "1" in the Max MAC(s) entry box

Step 8: Enter "1" in the Max IPs Per MAC entry box

Step 9: Enter the IP address "192.168.122.181" in the Bound SRC IP(s): entry box

Step 10: Add Bit count: "32" in the Bound SRC IP(s): entry box

Step 11: Click on the Add button to add the Bound SRC IP(s) and bit count to the Bound SRC IP(s): window

Step 12: Click on the Save button to save the rule profile

  4. Click on the Apply button to add the ACL profile to the Profile Name window list.
  5. After the Profile has been generated, the ACL status is displayed. Click on the Close button to complete the ACL profile.

CLI ACL Allow Specific Host Procedure 

  1. Open a CLI session and create an AllowSpecificHost ACL profile.
Note: The created ACL profile name is case-sensitive.

    ESUx> profile acl create name=AllowSpecificHost-1 <enter>
    success
    ESUx> _
  2. From the ESUx> command line, input profile acl edit name=AllowSpecificHost-1 rule number=1 basic action=permit l2 et=ipv4-arp sa=any max-macs=1 l3 source-IP=192.168.122.181, and press Enter. Output similar to the following is displayed:
    ESUx> profile acl edit name=AllowSpecificHost-1 rule number=1 basic action=permit l2 
    et=ipv4-arp sa=any max-macs=1 l3 source-IP=192.168.122.181 <enter>
    success
    ESUx> _ 

Verify the CLI entry

  1. From the ESUx> command line, input profile acl show name=AllowSpecificHost-1, and press Enter. Output similar to the following is displayed:
    ESUx> profile acl show name=AllowSpecificHost-1 <enter>
    
    | Access Control List Profile                                                |
    |============================================================================|
    | Profile Name            : AllowSpecificHost-1                              |
    |                                                                            |
    | Rule #1                                                                    |
    |   Rule Identifier       : Rule-1                                           |
    |   Type                  : basic                                            |
    |   Action                : permit                                           |
    |                                                                            |
    |   Layer 2                                                                  |
    |     Ethertype           : IPv4/ARP (0x0800/0x0806)                         |
    |                                                                            |
    |     Source MAC(s)                                                          |
    |       MAX Source MACs   : 1                                                |
    |       SA #1             : any                                              |
    |                                                                            |
    |   Layer 3                                                                  |
    |                                                                            |
    |     Source IP/Subnet(s)                                                    |
    |                                                                            |
    |       Bound to SA #1                                                       |
    |         MAX Source IPs  : 1                                                |
    |         SIP #1          : 192.168.122.181                                  |
    |                                                                            |
    |============================================================================|
    
    ESUx> _
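
The verification step above can be scripted when many profiles need checking. The following is an added example, not part of the original procedure or of the vendor's tooling: it parses saved `profile acl show` output and reports any field that stops the rule from pinning exactly one host. The function names, and the assumption that a subnet would be displayed as address/bits in the SIP field, are hypothetical.

```python
import ipaddress
import re

# Constructed sample: rows copied from the "profile acl show" output on this page.
SAMPLE_SHOW = """\
    | Profile Name            : AllowSpecificHost-1                              |
    | Rule #1                                                                    |
    |   Action                : permit                                           |
    |       MAX Source MACs   : 1                                                |
    |       SA #1             : any                                              |
    |         MAX Source IPs  : 1                                                |
    |         SIP #1          : 192.168.122.181                                  |
"""

# One boxed "| key : value |" row; banner and separator rows do not match.
ROW = re.compile(r"^\|\s*([^:|]+?)\s*:\s*(.*?)\s*\|$")


def parse_show(text):
    """Return the (key, value) pairs found in the boxed show output."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]


def audit(text, expected_ip):
    """Return reasons the rule fails to pin one host; an empty list means OK.

    Assumes a single-rule profile, as on this page, and that a subnet would be
    displayed as address/bits in the SIP field (the page only shows a host).
    """
    pairs = parse_show(text)
    fields = dict(pairs)
    sips = [v for k, v in pairs if k.startswith("SIP #")]
    problems = []
    for key, want in (("Action", "permit"), ("MAX Source MACs", "1"),
                      ("MAX Source IPs", "1")):
        if fields.get(key) != want:
            problems.append(f"{key} is {fields.get(key)!r}, expected {want!r}")
    if len(sips) != 1:
        problems.append(f"{len(sips)} bound source IPs, expected 1")
    for sip in sips:
        net = ipaddress.ip_network(sip, strict=False)
        if net.num_addresses != 1:
            problems.append(f"{sip} covers {net.num_addresses} addresses")
        elif net.network_address != ipaddress.ip_address(expected_ip):
            problems.append(f"{sip} is not the expected host {expected_ip}")
    return problems


if __name__ == "__main__":
    print(audit(SAMPLE_SHOW, "192.168.122.181") or "rule pins a single host")
```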
