Channel: PowerConnect Forum - Recent Threads

Issue configuring MAC ACL on PowerConnect 5524/5548 stack


Hi guys,

I have run into an issue when configuring a MAC ACL using the UI. My setup is a fairly simple stacked set of 2x 5524 and 5x 5548P. All I want to achieve is applying a MAC ACL to every port on every switch which denies access to only a few specific MAC addresses.

Now the ACL itself I have working. I've created an ACL with three ACEs, two of which are deny entries for test MAC addresses, the third of which is an allow all other entry at a much lower priority, like so:

I have then applied this to a few test ports, like so:

Now all of this works swimmingly. I know that without the priority 999 item it blocks all MACs, and with that it still blocks the ones I want blocked without blocking everything else.

My problem is this. When I realised that the first two lines alone would not do what I want as it blocked everything rather than just what I wanted, I went to edit the ACL and add the third shown ACE to it whilst it was still assigned to ports. I was told that I can't edit the ACL as long as it's still bound to a port. Now this to me seems ludicrous. Given that I'm not a competent CLI user and choose to manage my switches in the GUI, and further given that the "copy to, select all" function in the second shown screenshot there doesn't actually function and only actually copies the config to the last selected port in any given selected range, it means that every time I want to make a change to this ACL and add an extra ACE I would need to remove the ACL binding from every port and then manually re-apply the ACL after my edit to all 288 ports... Individually... One at a time...

Just doing a quick estimation here, assuming a fairly quick rate of clicks and the occasional break for a breath or a quick drink, that's approx. 45 minutes to add one MAC address to my ACL. Can't say that particularly floats my boat!

Can someone please let me know if I've missed something here and that there's a way to do this that will actually make it feasible?

Many thanks in advance for any help!

