mf – a family of commands for configuring traffic filtering by MAC address

ngfw> mf feature

Enable traffic filtering by MAC address. Note: disabled by default.

ngfw> no mf feature

Disable traffic filtering by MAC address.

ngfw> show mf feature

Show the status of traffic filtering by MAC address. Example output:

{
  "ngfw-mac-filter:mac-filter": {
    "feature": false  }
}

ngfw> mf rule <name>

Create security rule <name> and go to the security rule command subtree.

ngfw> mf rule=['name']> action (allow|block)

Set action for security rule: <allow> to allow traffic, <block> to block traffic. Note: required setting.

ngfw> mf rule=['name']> src-mac-addr <address>

Set source MAC address in the "aa:bb:cc:11:22:33" format. Note: optional setting. By default, Any.

ngfw> mf rule=['name']> dst-mac-addr <address>

Specify destination MAC address in the "aa:bb:cc:11:22:33" format. Note: optional setting. By default, Any.

ngfw> mf rule=['name']> no src-mac-addr

Set source MAC address to any.

ngfw> mf rule=['name']> no dst-mac-addr

Set destination MAC address to any.

Usage example:

ngfw> mf rule allow_1
ngfw> mf rule=['allow_1']> action allow
ngfw> mf rule=['allow_1']> src-mac-addr a1:a2:a3:a4:a5:a6
ngfw> mf rule=['allow_1']> dst-mac-addr d1:d2:d3:d4:d5:d6
ngfw> mf rule=['allow_1']> exit
ngfw> mf rule allow_2
ngfw> mf rule=['allow_2']> action allow
ngfw> mf rule=['allow_2']> dst-mac-addr c1:c2:c3:c4:c5:c6
ngfw> mf rule=['allow_2']> exit
ngfw> mf rule block_all
ngfw> mf rule=['block_all']> action block
ngfw> mf rule=['block_all']> exit
ngfw> commit

ngfw> show mf rule <name>

Show information about rule <name>. Example output of the ngfw> show mf rule allow_1 command:

{
  "ngfw-mac-filter:mac-filter": {
    "rules": {
      "rule": [        {
          "id": "3480c8f3-1d38-49bf-b779-dbeaf280d604",
          "name": "allow_1",
          "action": "allow",
          "src-mac-addr": "a1:a2:a3:a4:a5:a6",
          "dst-mac-addr": "d1:d2:d3:d4:d5:d6"        }      ]    }  }
}

ngfw> show mf rules

Show information about all rules. Example output:

{
  "ngfw-mac-filter:mac-filter": {
    "rules": {
      "rule": [        {
          "id": "3480c8f3-1d38-49bf-b779-dbeaf280d604",
          "name": "allow_1",
          "action": "allow",
          "src-mac-addr": "a1:a2:a3:a4:a5:a6",
          "dst-mac-addr": "d1:d2:d3:d4:d5:d6"        },        {
          "id": "a21854ee-4fd5-47f5-8b1c-a69b6d157d01",
          "name": "allow_2",
          "action": "allow",
          "dst-mac-addr": "c1:c2:c3:c4:c5:c6"        },        {
          "id": "5ba43caf-791d-4783-8070-a0cdb6eb5156",
          "name": "block_all",
          "action": "block"        }      ]    }  }
}

| Prev | Home | Next |