Static MAC

The Static MAC feature is very similar to the Sticky MAC but allows the user to explicitly configure the MAC or list of MAC address that are allowed on the port.  As with any of the ACLs discussed within this section, you can combine it with other filters to, for example, restrict a user to a specific subnet.

This example shows an ACL that will only allow the MAC address 01:1c:23:11:5a:e0 to pass traffic on this port and will furthermore ensure that all packets can only come from the 192.168.1.32 address.  The /32 indicates the full 32 bits must match, and shorter masks can be used to for example, lock a device to a specific subnet.  This would typically be used on a Default Deny VLAN to allow a specific MAC/device access.

EMS Static Mac Procedure   

1. Open a Panorama PON (EMS) session, click on the Profile icon button and the ACL tab.
2. Select the EMS ACL Create a new profile icon and name the ACL profile to StaticMac-1.  
3. Click on the Create Rule button and perform the following steps:
   
   
    

Step 1: Enter "Filter 1" in Rule Name: entry box:

Step 2: Select "Basic ACL"  from the ACL Type: Dropdown

Step 3: Select "Permit" from the Action: Dropdown

Step 4: Select "Static Mac(s)" from the SourceMAC(s): dropdown

Step 5: Add the MAC address "01:1c:23:11:5a:e0" to the Source Mac(s) Add entry box

Step 6: Add Bit count: "32" to the Source Mac(s) Add entry box

Step 7: Click on the Add button to add the MAC address and bit count to the Source Mac(s) window

Step 8: Select the MAC address entry in the Source Mac(s) window

Step 9: Enter "1" in the Max MAC(s) entry box

Step 10: Enter "1" in the Max IPs Per MAC  entry box

Step 11: Enter the IP address "192.168.1.32" in the Bound SRC IP(s): entry box

Step 12: Add Bit count: "32" in the Bound SRC IP(s): entry box

Step 13: Click on the Add button to add the Bound SRC IP(s) and bit count to the Bound SRC IP(s):  window

Step 14: Click on the Save button to save the rule profile

4. Click on the Apply button to add the ACL profile to the Profile Name window list.
5. After the Profile has been generated, the ACL status is displayed.  Click on the Close button to complete the ACL profile.

CLI ACL Static Mac Procedure 

1.  Open a CLI session and create a StaticMac ACL profile.
2. From the ESUx> command line, input profile acl create name=StaticMac-1, and press Enter. Output similar to the following is displayed:

ESUx> profile acl create name=StaticMac-1 <enter> 
success 
ESUx> _ 

3. From the ESUx> command line, input profile acl edit name=StaticMac-1 rule number=1 basic action=permit l2 et=ipv4-arp, and press Enter. Output similar to the following is displayed:

   ESUx> profile acl edit name=StaticMac-1 rule number=1 basic action=permit l2 et=ipv4-arp <enter> success ESUx> _

Verify the CLI entry

1. From the ESUx> command line, input profile acl show name=StaticMac-1, and press Enter. Output similar to the following is displayed:

   ESUx> profile acl show name=StaticMac=-1 <enter> | Access Control List Profile | |============================================================================| | Profile Name : StickyMac-1 | | | | Rule #1 | | Rule Identifier : Rule-1 | | Type : basic | | Action : permit | | | | Layer 2 | | Ethertype : IPv4/ARP (0x0800/0x0806) | | | | Source MAC(s) | | MAX Source MACs : 1 | | SA #1 : sticky | | | | Layer 3 | | | | Source IP/Subnet(s) | | | |============================================================================| ESUx> _