Mac Port Access-Group - Cisco Nexus 7000 Series Command Reference Manual

Hide thumbs Also See for Nexus 7000 Series:

Table of Contents

mac port access-group

To apply a MAC access control list (ACL) to an interface, use the mac port access-group command. To

remove a MAC ACL from an interface, use the no form of this command.

mac port access-group access-list-name

no mac port access-group access-list-name

Syntax Description

access-list-name

Command Default

Command Modes

Interface configuration

Command History

Usage Guidelines

By default, no MAC ACLs are applied to an interface.

MAC ACLs apply to non-IP traffic, unless the device is configured to not classify traffic based on Layer 3

headers. If packet classification is disabled, MAC ACLs apply to all traffic.

You can use the mac port access-group command to apply a MAC ACL as a port ACL to the following

interface types:

• Layer 2 interfaces

• Layer 2 Ethernet port-channel interfaces

You can also apply a MAC ACL as a VLAN ACL. For more information, see the match (VLAN access-map)

The device applies MAC ACLs only to inbound traffic. When the device applies a MAC ACL, the device

checks packets against the rules in the ACL. If the first matching rule permits the packet, the device continues

to process the packet. If the first matching rule denies the packet, the device drops the packet and returns an

ICMP host-unreachable message.

If you delete the specified ACL from the device without removing the ACL from an interface, the deleted

ACL does not affect traffic on the interface.

This command does not require a license.

Cisco Nexus 7000 Series Security Command Reference

Name of the MAC ACL, which can be up to 64

alphanumeric, case-sensitive characters.

Modification

This command was introduced.