148
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter M Commands
mac port access-group
mac port access-group
To apply a MAC access control list (ACL) to an interface, use the mac port access-group command. To
remove a MAC ACL from an interface, use the no form of this command.
mac port access-group access-list-name
no mac port access-group access-list-name
Syntax Description
Command Default None
Command Modes Interface configuration mode
Virtual Ethernet interface configuration mode
Command History
Usage Guidelines By default, no MAC ACLs are applied to an interface.
MAC ACLs apply to non-IP traffic.
You can use the mac port access-group command to apply a MAC ACL as a port ACL to the following
interface types:
• Layer 2 interfaces
• Layer 2 EtherChannel interfaces
• Virtual Ethernet interfaces
You can also apply a MAC ACL as a VLAN ACL. For more information, see the match command.
The switch applies MAC ACLs only to inbound traffic. When the switch applies a MAC ACL, the switch
checks packets against the rules in the ACL. If the first matching rule permits the packet, the switch
continues to process the packet. If the first matching rule denies the packet, the switch drops the packet
and returns an ICMP host-unreachable message.
If you delete the specified ACL from the switch without removing the ACL from an interface, the deleted
ACL does not affect traffic on the interface.
Examples This example shows how to apply a MAC ACL named mac-acl-01 to Ethernet interface 1/2:
switch(config)# interface ethernet 1/2
switch(config-if)# mac port access-group mac-acl-01
switch(config-if)#
access-list-name Name of the MAC ACL, which can be up to 64 alphanumeric, case-sensitive
characters long.
Release Modification
5.2(1)N1(1) This command was introduced.
To Next Page
Loading...
