ACL based on source MAC addresses and destination IP addresses on S series switches

15

S series switches (except S1700 switches) do not support ACL based on source MAC addresses and destination IP addresses.
If only the source MAC address and destination MAC address need to be specified, you can configure a Layer 2 ACL whose number ranges from 4000 to 4999.
If only the source IP address and destination IP address need to be specified, you can configure an advanced ACL whose number ranges from 3000 to 3999.

Other related questions:
How to display the source and destination addresses of forwarded packets on S series switches
For S series switches (except the S1700), no command is available to display the source or destination addresses of the forwarded packets. If you want to obtain the addresses, use a tool to capture packets.

Can an S series switches forward a packet if both the source and destination IP addresses of the packet are multicast addresses
The S5710-C-LI or S5700SI drops packets whose source and destination IP addresses are both multicast addresses. Other switches broadcast such packets in a VLAN.

How is an S series switch process the Query message with the destination MAC address as the unicast MAC address
After Layer 2 multicast is enabled on a switch, the switch checks the destination MAC addresses of received IGMP messages. If the destination MAC address of a packet does not match its destination IP address, the switch drops the packet. Therefore, when the switch receives IGMP Query messages with unicast destination MAC addresses, it drops the messages. As a result, user hosts cannot receive the Query messages, and multicast forwarding entries on the switch cannot be updated. Then multicast forwarding is interrupted. When the switch connects to an ME60 and the ME60 performs multicast replication on a per user basis, IGMP Query messages sent from the ME60 uses user MAC addresses as destination MAC addresses. The switch drops these IGMP Query messages. In this case, modify the configuration on the ME60 to ensure that the IGMP Query messages sent from the ME60 use destination MAC addresses mapping their destination IP addresses. Then the switch can generate a router port when receiving the Query messages and forward the Query message to user hosts.

What is the default destination MAC address of a cluster of an S series switch
The default destination MAC address of BPDUs is 0180-c200-000A. You can change the destination MAC address in the following range: 0180-c200-0004�?180-c200-0007 0180-c200-0009�?180-c200-0010 0180-c200-0020�?180-c200-002f If another device also uses 0180-c200-000A as the destination MAC address of BPDUs, devices can communicate with each other directly. If not, change the destination MAC address on the other device to ensure that the two devices use the same destination MAC address for BPDUs. You can check the destination MAC address by running the display cluster command. For example: [HUAWEI] display cluster Cluster name:"HUAWEI" Role:Administrator switch management vlan id : 1(default vlan) Cluster multicast MAC address : 0180-c200-000a(default) Cluster auto-join : disabled Handshake timer:10 sec Handshake hold-time:60 sec IP pool:172.19.250.1/24 No logging host configured No SNMP host configured No FTP server configured No TFTP server configured No SFTP server configured cluster-member ftp-timeout: 1200 sec(default) Cluster SNMP NAT capability : enabled Cluster FTP NAT capability : disabled There are 1 member(s) in the cluster, and 0 of them are down. Note: S series switches (excluding the S1700) in V200R002 and later versions, and V100R006C05 do not support HGMP.

What is the destination MAC address of RAPS PDUs of S series switches
For S series switches, the destination MAC address of RAPS PDUs is 0119-a700-0001.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top