How to Use MAC Address/Mask Map Rules

This section provides several examples of how to use MAC address rules with an address mask.

Example 1 – Drop Rule

In this example, set up a map rule that denies packets with a source leader in a bidirectional clock relationship (formerly master) MAC address matching that specified in the map rule. The map rule will use the following values for macsrc and <mac-netmask>:

Field in Map Rule Command

Value

macsrc

00 00 00 00 00 03

<mac-netmask>

FF FF FF FF FF FE

Command:

(config map macmap) # rule add drop macsrc 00:00:00:00:00:03 ffff.ffff.fffe

Result:

Packets with the following two MAC source addresses are dropped:

■   00:00:00:00:00:02
■   00:00:00:00:00:03

All other MAC addresses will pass this filter.

Example 2 – Pass Rule

In this example, we will change the map rule action we set up in Example 1 – Drop Rule from drop to pass.

Command:

(config map passmac) # rule add pass macsrc 00:00:00:00:00:03 ffff.ffff.fffe

Result:

Only packets with the following two MAC source addresses are accepted:

■   00:00:00:00:00:02
■   00:00:00:00:00:03

All other MAC addresses are denied.

Example 3 – Drop Rule

In this example, set up a map rule that denies packets with a source MAC address matching that specified in the map rule. The map rule will use the following values for macsrc and <mac-netmask>:

Field

Value

macsrc

00:00:00:00:00:03

<mac-netmask>

FFFF.FFFF. FFF1

Command:

(config map macdrop) # rule add drop macsrc 00:00:00:00:00:03 ffff.ffff.fff1

Result:

Packets with the following eight MAC source addresses are dropped:

■   00:00:00:00:00:01
■   00:00:00:00:00:03
■   00:00:00:00:00:05
■   00:00:00:00:00:07
■   00:00:00:00:00:09
■   00:00:00:00:00:0b
■   00:00:00:00:00:0d
■   00:00:00:00:00:0f

All other MAC addresses will pass this map rule.

Example 4 – Dropping Odd-Numbered MAC Addresses

In this example, set up a rule that denies packets with a source MAC address matching that specified in the map rule. The map rule will use the following values for macsrc and <mac-netmask>:

Field

Value

macsrc

00:00:00:00:00:03

<mac-netmask>

0000.0000.0001

Command:

(config map oddmac) # rule add drop macsrc 00:00:00:00:00:03 0000.0000.0001

Result:

All odd-numbered MAC source addresses are denied:

■   00:00:00:00:00:01
■   00:00:00:00:00:03
■   ff:ff:ff:ff:ff:fb
■   ff:ff:ff:ff:ff:fd
■   ff:ff:ff:ff:ff:ff

Only packets from even-numbered MAC source addresses will pass through this rule. All the odd-numbered MAC source addresses are dropped.

Example 5 – Allowing Odd-Numbered MAC Addresses

In this example, we will change the map rule action we set up in Example 4 – Dropping Odd-Numbered MAC Addresses from drop to pass.

Command:

(config map oddmac) # rule add pass macsrc 00:00:00:00:00:03 0000.0000.0001

Result:

Only packets from odd-numbered MAC source addresses will pass through this rule. All the even-numbered MAC source addresses are dropped.

Example 6 – Allowing All Traffic to Pass Through Based on Wild-card MAC Address

In this example, we will change the map rule action we set up a wild card MAC address for all traffic. This is useful when all traffic is required to go to the tool port but one cannot use the map-passall command because a GigaSMART operation is required on the traffic.

Command:

(config map passallmac) # rule add pass macsrc 00:00:00:00:00:00 00:00:00:00:00:00

Result:

All packets will pass through this rule to the tool port without filtering.