12 mac filtering, 1 default policy of mac filtering, 2 adding policy of mac filter – Siemens S223 User Manual

User Manual UMN:CLI
SURPASS hiD 6615 S223/S323 R1.5

A50010-Y3-C150-2-7619 163

7.12 MAC

Filtering

It is possible to forward frame to MAC address of destination. Without specific perform-
ance degradation, maximum 4,096 MAC addresses can be registered.

7.12.1

Default Policy of MAC Filtering

The basic policy of filtering based on system is set to allow all packets for each port.
However the basic policy can be changed for user’s requests.

After configuring basic policy of filtering for all packets, use the following command on
Bridge mode to show the configuration.

Command Mode

Description

mac-filter default-policy

{deny |

permit

} PORTS

Bridge

Configures basic policy of MAC Filtering in specified
port.

By default, basic filtering policy provided by system is configured to permit all packets in
each port.

Sample Configuration

This is an example of blocking all packets in port 1~3 and port 7.

SWTICH(bridge)# mac-filter default-policy deny 5-10

SWTICH(bridge)# mac-filter default-policy permit 2

SWTICH(bridge)# show mac-filter default-policy

-------------------------

PORT POLICY | PORT POLICY

------------+------------

1 PERMIT | 2 PERMIT

3 PERMIT | 4 PERMIT

5 DENY | 6 DENY

7 DENY | 8 DENY

9 DENY | 10 DENY

11 PERMIT | 12 PERMIT

13 PERMIT | 14 PERMIT

15 PERMIT | 16 PERMIT

17 PERMIT | 18 PERMIT

19 PERMIT | 20 PERMIT

21 PERMIT | 22 PERMIT

23 PERMIT | 24 PERMIT

25 PERMIT | 26 PERMIT

27 PERMIT | 28 PERMIT

SWITCH(bridge)#

7.12.2

Adding Policy of MAC Filter

You can add the policy to block or to allow some packets of specific address after config-
uring the basic policy of MAC Filtering. To add this policy, use the following commands on
Bridge Configuration

mode.