beautypg.com

Fortinet 548B User Manual

Page 903

background image

- 903 -

Selection Criteria

MAC ACL - Select the MAC ACL for which to create or update a rule.

Rule - Select an existing rule or select 'Create New Rule' to add a new Rule. New rules cannot be
created if the maximum number of rules has been reached. For each rule, a packet must match all
the specified criteria in order to be true against that rule and for the specified rule action
(Permit/Deny) to take place.

Configurable Data

Rule - Enter a whole number in the range of (1 to 8) that will be used to identify the rule.

Action - Specify what action should be taken if a packet matches the rule's criteria. The choices are
permit or deny.

Logging - When set to 'True', logging is enabled for this ACL rule (subject to resource availability in
the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be
generated indicating the number of times this rule was 'hit' during the current report interval. A fixed 5
minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is
zero for the current interval. This field is visible for a 'Deny' Action.

Assign Queue ID - Specifies the hardware egress queue identifier used to handle all packets
matching this ACL rule. Valid range of Queue Ids is (0 to 6).

Mirror Interface - Specifies the specific egress interface where the matching traffic stream is copied
in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface
is already configured for the ACL rule. This field is visible for a 'Permit' Action.

Redirect Interface - Specifies the specific egress interface where the matching traffic stream is
forced, bypassing any forwarding decision normally performed by the device.

CoS - Specifies the 802.1p user priority to compare against an Ethernet frame. Valid range of values
is (0 to 7).

Destination MAC - Specifies the destination MAC address to compare against an Ethernet frame.
Valid format is (xx:xx:xx:xx:xx:xx). The BPDU keyword may be specified using a Destination MAC
address of 01:80:C2:xx:xx:xx.

Destination MAC Mask - Specifies the destination MAC address mask specifying which bits in the
destination MAC to compare against an Ethernet frame. Valid format is (xx:xx:xx:xx:xx:xx). The
BPDU keyword may be specified using a Destination MAC mask of 00:00:00:ff:ff:ff.

Ethertype Key - Specifies the Ethertype value to compare against an Ethernet frame.
Valid values are

Appletalk

ARP

IBM SNA

IPv4

IPv6

IPX

MPLS multicast

MPLS unicast

NetBIOS

Novell

PPPoE

Reverse ARP

User Value