Adding and Managing a MAC ACL on a Switch

You can add and manage a MAC Access Control Lists (ACLs) on switch ports from the RUCKUS One web interface.

Complete the following steps to create a MAC ACL on a switch port.
  1. From the navigation bar, select Wired > Switches > Switch List.
    The Switches page is displayed.
  2. Click on a specific switch and in the Overview tab, select the ACLs sub-tab.
    By default, the Layer 2 sub-tab is displayed with the following information:
    • ACL Name: Displays the name of the MAC ACL.
    • Type: Displays the MAC ACL type.
      • --: The MAC ACL at the switch level does not have the same name at the Policies & Profiles level.
      • Shared: The MAC ACL at the switch level has same name and rules as the Switch Layer 2 access control policy defined at the Policies & Profiles level. Any change at the Policies & Profiles level impacts the settings at the switch level.
      • Customized: The MAC ACL at the switch level has same name as the Switch Layer 2 access control policy defined at the Policies & Profiles level but with customized rules at the switch level. Any change at the Policies & Profiles level does not impact the setting at the switch level.
  3. Click Add MAC ACL and configure the following settings:
    1. Enter a MAC ACL name.
    2. Under Rules, click Add Rule.
      Adding a MAC ACL
      Adding a MAC ACL Rule

      Configure the following settings:

      The Add Rule sidebar is displayed.
      • For Action, select an MAC ACL rule (Permit or Deny).
      • For Source MAC, select Any or Source MAC Address to enter a source MAC address and mask. The mask is used to define a range of MAC addresses. The mask comprises 0 and f characters. In each bit position, an f means that the bit is not checked, and a 0 means that the bit must equal the value in the defined MAC address. For example, mask 0000.0000.0000 matches only the defined MAC address, whereas mask ffff.ffff.ffff matches all MAC addresses.
      • For Destination MAC, select Any or Destination MAC Address to enter a destination MAC address and destination mask.
      • Click Add. You can see the new MAC ACL rule added in the Rules table.

        Select a specific MAC ACL rule and click Edit or Delete to perform the edit or delete operations, respectively.

  4. Click Add.

    You can see the MAC ACL added to the Layer 2 table.

  5. (Optional) From the list of existing MAC ACLs, click the radio button for a specific policy and perform the following actions:
    • Click Edit to edit the MAC ACL. In the Edit MAC ACL sidebar, click Use Policies & Profiles Level Settings to override the customized MAC ACL setting and follow the definition in Policies & Profiles. On the contrary, you can override the Policies & Profiles level setting by clicking Customized.
    • Click Delete to delete the policy.
    Note: When the ACL is being actively used on any ports in the network, editing or deleting the MAC ACL will impact those ports. The system requires you to confirm that you want to complete the action by clicking Apply or Delete. Otherwise, you may click Cancel to cancel the action.
  6. (Optional) Click on a specific MAC ACL to view the MAC ACL configuration details page.
You can view the configuration history of a MAC Auth policy at the venue level in the switch configuration details page (Venues > Edit Venue > Switch Configuration > Configuration History).