HP Cisco MDS 9140 Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2( - Page 383
mac port access-group
View all HP Cisco MDS 9140 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 383 highlights
Chapter 6 Security Commands mac port access-group Send comments to [email protected] mac port access-group To apply a MAC access control list (ACL) to an interface, use the mac port access-group command. To remove a MAC ACL from an interface, use the no form of this command. mac port access-group access-list-name no mac port access-group access-list-name Syntax Description access-list-name Name of the MAC ACL, which can be up to 64 alphanumeric, case-sensitive characters long. Command Default None Command Modes Interface configuration mode Command History Release 4.0(0)N1(1a) Modification This command was introduced. Usage Guidelines By default, no MAC ACLs are applied to an interface. MAC ACLs apply to non-IP traffic. If packet classification is disabled, MAC ACLs apply to all traffic. You can use the mac port access-group command to apply a MAC ACL as a port ACL to the following interface types: • Layer 2 interfaces • Layer 2 EtherChannel interfaces You can also apply a MAC ACL as a VLAN ACL. For more information, see the match, page 51. The switch applies MAC ACLs only to inbound traffic. When the switch applies a MAC ACL, the switch checks packets against the rules in the ACL. If the first matching rule permits the packet, the switch continues to process the packet. If the first matching rule denies the packet, the switch drops the packet and returns an ICMP host-unreachable message. If you delete the specified ACL from the switch without removing the ACL from an interface, the deleted ACL does not affect traffic on the interface. Examples This example shows how to apply a MAC ACL named mac-acl-01 to Ethernet interface 1/2: switch(config)# interface ethernet 1/2 switch(config-if)# mac port access-group mac-acl-01 OL-16599-01 Cisco Nexus 5000 Series Command Reference 6-49