Mac Access-List - Cisco Nexus 7000 Series Command Reference Manual

Hide thumbs Also See for Nexus 7000 Series:

Table of Contents

mac access-list

To create a MAC access control list (ACL) or to enter MAC access list configuration mode for a specific

ACL, use the mac access-list command. To remove a MAC ACL, use the no form of this command.

mac access-list access-list-name

no mac access-list access-list-name

Syntax Description

access-list-name

Command Default

Command Modes

Global configuration

Command History

Usage Guidelines

No MAC ACLs are defined by default.

Use MAC ACLs to filter non-IP traffic. If you disable packet classification, you can use MAC ACLs to filter

all traffic.

When you use the mac access-list command, the device enters MAC access list configuration mode, where

you can use the MAC deny and permit commands to configure rules for the ACL. If the ACL specified does

not exist, the device creates it when you enter this command.

Use the mac port access-group command to apply the ACL to an interface.

Every MAC ACL has the following implicit rule as its last rule:

deny any any

This implicit rule ensures that the device denies the unmatched traffic, regardless of the protocol specified in

the Layer 2 header of the traffic.

Use the statistics per-entry command to configure the device to record statistics for each rule in a MAC

ACL. The device does not record statistics for implicit rules. To record statistics for packets that would match

the implicit rule, you must explicitly configure a rule to deny the packets.

This command does not require a license.

Cisco Nexus 7000 Series Security Command Reference

Name of the MAC ACL, which can be up to 64

alphanumeric, case-sensitive characters long but

cannot contain a space or a quotation mark.

Modification

This command was introduced.