Configuring media access control (MAC) ACLs - Metasys - LIT-12012458 - Field Device - 13.0

Metasys IP Networks for BACnet/IP Controllers Technical Bulletin

Brand
Metasys
Document type
Technical Bulletin
Document number
LIT-12012458
Version
13.0
Revision date
2023-10-23
Product status
Active
Language
English

Media Access Control (MAC) ACLs restrict access to devices that have a specified MAC address or MAC prefix. While a device's MAC address can be easily spoofed thereby defeating the MAC ACL, MAC ACLs add one more line of defense in preventing unauthorized devices from accessing the Metasys BACnet/IP network. They also prevent the inadvertent connection of a non-BAS devices to a dedicated BAS network.

Important: The following MAC ACL entries are intended as examples and do not necessarily represent the complete and definitive list of MAC prefixes that must be included in the JCI-MAC ACL.
Table 1. Configuring (MAC) ACLs on a Cisco managed switch

Configuration step

Cisco IOS CLI command

1

Enter global configuration mode.

Switch# configure terminal

2

Create a MAC ACL for JCI devices. In this example, the ACL is named JCI-MAC.

Switch(config)# mac access-list extended JCI-MAC

3

Add the range of MACs to be allowed.

Switch(config-mac-acl)# permit "add allowed MAC address or address range" any

4

Exit global configuration mode.

Switch(config-mac-acl)# end