How to Use MAC Address/Mask Map Rules
This section provides several examples of how to use MAC address rules with an address mask.
Example 1 – Drop Rule
In this example, set up a map rule that denies packets with a source leader in a bidirectional clock relationship (formerly master) MAC address matching that specified in the map rule. The map rule will use the following values for macsrc and <mac-netmask>:
Field in Map Rule Command |
Value |
macsrc |
00 00 00 00 00 03 |
<mac-netmask> |
FF FF FF FF FF FE |
Command:
(config map macmap) # rule add drop macsrc 00:00:00:00:00:03 ffff.ffff.fffe
Result:
Packets with the following two MAC source addresses are dropped:
00:00:00:00:00:02 |
00:00:00:00:00:03 |
All other MAC addresses will pass this filter.
Example 2 – Pass Rule
In this example, we will change the map rule action we set up in Example 1 – Drop Rule from drop to pass.
Command:
(config map passmac) # rule add pass macsrc 00:00:00:00:00:03 ffff.ffff.fffe
Result:
Only packets with the following two MAC source addresses are accepted:
00:00:00:00:00:02 |
00:00:00:00:00:03 |
All other MAC addresses are denied.
Example 3 – Drop Rule
In this example, set up a map rule that denies packets with a source MAC address matching that specified in the map rule. The map rule will use the following values for macsrc and <mac-netmask>:
Field |
Value |
macsrc |
00:00:00:00:00:03 |
<mac-netmask> |
FFFF.FFFF. FFF1 |
Command:
(config map macdrop) # rule add drop macsrc 00:00:00:00:00:03 ffff.ffff.fff1
Result:
Packets with the following eight MAC source addresses are dropped:
00:00:00:00:00:01 |
00:00:00:00:00:03 |
00:00:00:00:00:05 |
00:00:00:00:00:07 |
00:00:00:00:00:09 |
00:00:00:00:00:0b |
00:00:00:00:00:0d |
00:00:00:00:00:0f |
All other MAC addresses will pass this map rule.
Example 4 – Dropping Odd-Numbered MAC Addresses
In this example, set up a rule that denies packets with a source MAC address matching that specified in the map rule. The map rule will use the following values for macsrc and <mac-netmask>:
Field |
Value |
macsrc |
00:00:00:00:00:03 |
<mac-netmask> |
0000.0000.0001 |
Command:
(config map oddmac) # rule add drop macsrc 00:00:00:00:00:03 0000.0000.0001
Result:
All odd-numbered MAC source addresses are denied:
00:00:00:00:00:01 |
00:00:00:00:00:03 |
ff:ff:ff:ff:ff:fb |
ff:ff:ff:ff:ff:fd |
ff:ff:ff:ff:ff:ff |
Only packets from even-numbered MAC source addresses will pass through this rule. All the odd-numbered MAC source addresses are dropped.
Example 5 – Allowing Odd-Numbered MAC Addresses
In this example, we will change the map rule action we set up in Example 4 – Dropping Odd-Numbered MAC Addresses from drop to pass.
Command:
(config map oddmac) # rule add pass macsrc 00:00:00:00:00:03 0000.0000.0001
Result:
Only packets from odd-numbered MAC source addresses will pass through this rule. All the even-numbered MAC source addresses are dropped.
Example 6 – Allowing All Traffic to Pass Through Based on Wild-card MAC Address
In this example, we will change the map rule action we set up a wild card MAC address for all traffic. This is useful when all traffic is required to go to the tool port but one cannot use the map-passall command because a GigaSMART operation is required on the traffic.
Command:
(config map passallmac) # rule add pass macsrc 00:00:00:00:00:00 00:00:00:00:00:00
Result:
All packets will pass through this rule to the tool port without filtering.