User Guide
OmniAccess SafeGuard OS Administration Guide
303
Chapter 7: Establishing a Security Policy
2 Specify one or more MAC addresses, VLAN, or IP addresses (TCP, UDP, or ICMP)
to add using the command:
system white-black list [mac mac_addr mask | vlan vlan | IP address] [deny|permit] {description string}
The following example adds MAC address 11:22:33:44:55:66 to the white list, that is,
the list of addresses permitted into the network.
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #system white-black list
(SafeGuardOS) (whiteblack-list) #mac 11:22:33:44:55:66 ff:ff:ff:ff:ff:ff permit description "printer"
(SafeGuardOS) (whiteblack-list) #
To put the MAC address on the black list, specify the deny option:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #system white-black list
(SafeGuardOS) (whiteblack-list) #mac 11:22:33:44:55:66 ff:ff:ff:ff:ff:ff deny description "printer"
(SafeGuardOS) (whiteblack-list) #
Prioritizing List Entries
System white-black list entries are processed from the top to the bottom of the list. Items
found first in the list have priority over items lower on the list.
For example, take the following scenario. An administrator has 100 IP phones and wants
to create a single system MAC entry with a MAC mask to deny access for all of the

Syntax Description

mac_addr    MAC address that overrides policy. The MAC address can either be
            the source or destination address; it is independent of direction.
            MAC addresses may be specified in any of the following formats:
            ■ aa:bb:cc:dd:ee:ff
            ■ aabb:ccdd:eeff
            ■ aa-bb-cc-dd-ee-ff
            ■ aabb.ccdd.eeff
            ■ aabbccddeeff
mask        Specifies a MAC mask in dotted-quad notation. For example,
            ff:ff:ff:ff:ff:ff
deny        Denies access to the MAC address.
permit      Permits access to the MAC address.
string      (Optional) A string that describes the entry. Specify strings in
            double quotation marks.
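
The top-to-bottom processing described under Prioritizing List Entries, together with the MAC formats and mask from the syntax description, can be modeled offline to audit a planned list before it is entered. The following Python sketch is an added example, not SafeGuard OS code: the function names, the rule tuples and the sample addresses are constructed for illustration, and the mask is assumed to be a bitwise mask (an entry matches when the address and the entry agree on every bit set in the mask).

```python
import re

def parse_mac(text):
    """Strip the separators used by the five listed formats and return an int."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)

def first_match(entries, mac):
    """Return (action, description) of the first entry matching mac, or None.

    entries: list of (mac_addr, mask, action, description), top of the list first.
    """
    value = parse_mac(mac)
    for addr, mask, action, description in entries:
        m = parse_mac(mask)
        if value & m == parse_mac(addr) & m:  # assumption: bitwise mask compare
            return action, description
    return None  # the page does not say what happens when no entry matches

def shadowed(entries):
    """Descriptions of entries that can never match because an earlier entry covers them."""
    hidden = []
    for i, (addr, mask, _, description) in enumerate(entries):
        a, m = parse_mac(addr), parse_mac(mask)
        for e_addr, e_mask, _, _ in entries[:i]:
            ea, em = parse_mac(e_addr), parse_mac(e_mask)
            # Covered when the earlier mask fixes only bits this entry also fixes,
            # and the two entries agree on those bits.
            if em & m == em and a & em == ea & em:
                hidden.append(description)
                break
    return hidden

# Constructed sample list: a masked deny for one prefix above a permit for one host.
RULES = [
    ("00:11:22:00:00:00", "ff:ff:ff:00:00:00", "deny", "ip phones"),
    ("0011.2233.4455", "ff:ff:ff:ff:ff:ff", "permit", "printer"),
]

if __name__ == "__main__":
    print(first_match(RULES, "00-11-22-33-44-55"))        # masked deny wins
    print(shadowed(RULES))                                # the permit is unreachable
    print(first_match(RULES[::-1], "00-11-22-33-44-55"))  # specific entry first
```

Running it shows that the specific permit is never reached while the masked deny sits above it, and that placing the specific entry first restores the intended result.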










