Adding and Managing a MAC ACL on a Switch

You can add and manage a MAC Access Control Lists (ACLs) on switch ports from the RUCKUS One web interface.

Complete the following steps to create a MAC ACL on a switch port.
  1. From the navigation bar, select Wired > Switches > Switch List.
    The Switches page is displayed.
  2. Click on a specific switch and in the Overview tab, select the ACLs sub-tab.
    By default, the Layer 2 sub-tab is displayed with the following information:
    • ACL Name: Displays the name of the MAC ACL.
    • Type: Displays the MAC ACL type.
      • --: The MAC ACL at the switch level does not have the same name at the Policies & Profiles level.
      • Shared: The MAC ACL at the switch level has the same name and rules as the Switch Layer 2 Access Control policy defined in the system. Any change to the policy automatically updates the switch-level settings.
      • Customized: The MAC ACL at the switch level shares the same name as the Switch Layer 2 Access Control policy but includes customized rules. Changes to the policy do not affect the switch-level settings.
  3. Click Add MAC ACL and configure the following settings:
    1. Enter a MAC ACL name.
    2. Under Rules, click Add Rule.
      Adding a MAC ACL
      Adding a MAC ACL Rule

      Configure the following settings:

      The Add Rule sidebar is displayed.
      • For Action, select an MAC ACL rule (Permit or Deny).
      • For Source MAC, select Any or Source MAC Address to enter a source MAC address and mask. The mask is used to define a range of MAC addresses. The mask comprises 0 and f characters. In each bit position, an f means that the bit is not checked, and a 0 means that the bit must equal the value in the defined MAC address. For example, mask 0000.0000.0000 matches only the defined MAC address, whereas mask ffff.ffff.ffff matches all MAC addresses.
      • For Destination MAC, select Any or Destination MAC Address to enter a destination MAC address and destination mask.
      • Click Add. You can see the new MAC ACL rule added in the Rules table.

        Select a specific MAC ACL rule and click Edit or Delete to perform the edit or delete operations, respectively.

  4. Click Add.

    You can see the MAC ACL added to the Layer 2 table.

  5. (Optional) From the list of existing MAC ACLs, click the radio button for a specific policy and perform the following actions:
    • Click Edit to modify the MAC ACL. In the Edit MAC ACL sidebar, click Use Default Settings to override the customized MAC ACL configuration and follow the definition in the Service Catalog. To customize the MAC ACL independently, click Customized.
    • Click Delete to delete the policy.
    Note: When the ACL is being actively used on any ports in the network, editing or deleting the MAC ACL will impact those ports. The system requires you to confirm that you want to complete the action by clicking Apply or Delete. Otherwise, you may click Cancel to cancel the action.
  6. (Optional) Click on a specific MAC ACL to view the MAC ACL configuration details page.
You can view the configuration history of a MAC Auth policy at the venue level in the switch configuration details page (Venues > Edit Venue > Switch Configuration > Configuration History).