Address Group
The following scenario shows how to configure a traffic group with different MAC addresses. Traffic selectors can be configured to filter network packets based on their source / destination MAC address.
Test Traffic Group With MAC Addresses
Description
In this scenario, a link traffic policy is configured to deny non-matching packets in DUT0 (‘eth0’ interface). Packets are filtered using a traffic selector and a traffic group.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.0.0.1/24
set traffic group mac-address ALLOWED_MACS element de:ad:be:ef:6c:00-de:ad:be:ef:6c:20
set traffic group mac-address ALLOWED_MACS element de:ad:be:ef:6c:30
set traffic selector SEL_ALLOWED rule 1 source mac-address-group ALLOWED_MACS
set traffic policy ACCEPT_ALLOWED rule 1 selector SEL_ALLOWED
set traffic policy ACCEPT_ALLOWED rule 1 action accept
set traffic policy ACCEPT_ALLOWED rule 2 action drop
set interfaces ethernet eth0 traffic policy link ACCEPT_ALLOWED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.0.0.2/24
Step 3: Run command interfaces ethernet show detail at DUT1 and check if output contains the following tokens:
de:ad:be:ef:6c:20
de:ad:be:ef:6c:21
Output:
----------------------------------------------------------------------------------------------
Name  Idx  IP Address  Admin  Oper  Link  MTU   Vrf  Upper  Lower  Type      Phys addr
----------------------------------------------------------------------------------------------
eth0  2                down   down  down  1500                     ethernet  de:ad:be:ef:6c:20
eth1  3                down   down  down  1500                     ethernet  de:ad:be:ef:6c:21
Step 4: Initiate a TCP connection from DUT1 to DUT0 and try to send some messages between both endpoints:
admin@DUT0$ monitor test connection server 8080 tcp
admin@DUT1$ monitor test connection client 10.0.0.1 8080 tcp local-interface eth0
Step 5: Expect a failure in the following command:
Initiate a TCP connection from DUT1 to DUT0 and try to send some messages between both endpoints:
admin@DUT0$ monitor test connection server 8080 tcp
admin@DUT1$ monitor test connection client 10.0.0.1 8080 tcp local-interface eth1
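The filtering decision behind Steps 4 and 5, modelled offline as an added example (not code from the original page or from the product): it parses the two ALLOWED_MACS elements from Step 1 and evaluates ACCEPT_ALLOWED for a given source MAC. It assumes range bounds are inclusive, which the scenario implies because DUT1's eth0 (de:ad:be:ef:6c:20) sits on the upper bound and is expected to connect; the function names are hypothetical.

```python
import re

# Group definition lines copied from Step 1 (DUT0).
CONFIG = """\
set traffic group mac-address ALLOWED_MACS element de:ad:be:ef:6c:00-de:ad:be:ef:6c:20
set traffic group mac-address ALLOWED_MACS element de:ad:be:ef:6c:30
"""

MAC_RE = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ELEMENT_RE = re.compile(
    rf"^set traffic group mac-address (\S+) element ({MAC_RE})(?:-({MAC_RE}))?$",
    re.IGNORECASE,
)


def mac_to_int(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff to a 48-bit integer so ranges can be compared."""
    if not re.fullmatch(MAC_RE, mac, re.IGNORECASE):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)


def parse_groups(config: str) -> dict[str, list[tuple[int, int]]]:
    """Return {group: [(low, high), ...]}; a single MAC is a one-address range."""
    groups = {}
    for line in config.splitlines():
        m = ELEMENT_RE.match(line.strip())
        if not m:
            continue  # not a mac-address group element line
        name, low, high = m.group(1), m.group(2), m.group(3) or m.group(2)
        lo, hi = mac_to_int(low), mac_to_int(high)
        if lo > hi:
            raise ValueError(f"inverted range in: {line!r}")
        groups.setdefault(name, []).append((lo, hi))
    return groups


def policy_action(src_mac: str, groups, group: str = "ALLOWED_MACS") -> str:
    """Model of ACCEPT_ALLOWED: rule 1 accepts group members, rule 2 drops the rest.
    Assumption: range bounds are inclusive."""
    value = mac_to_int(src_mac)
    member = any(lo <= value <= hi for lo, hi in groups.get(group, []))
    return "accept" if member else "drop"


GROUPS = parse_groups(CONFIG)
if __name__ == "__main__":
    for mac in ("de:ad:be:ef:6c:20", "de:ad:be:ef:6c:21", "de:ad:be:ef:6c:30"):
        print(mac, policy_action(mac, GROUPS))
```

DUT1's eth1 address is one above the range's upper bound and below the single element de:ad:be:ef:6c:30, so it falls through to rule 2.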