Cisco Nexus 7000 Series Security Command Reference - Cisco Nexus 7000 Series Command Reference Manual

deny (MAC)

vlan VLAN-ID                  (Optional) Specifies that the rule matches only packets with an IEEE 802.1Q
                              header that contains the VLAN ID given. The VLAN-ID argument can be an
                              integer from 1 to 4094.
time-range time-range-name    (Optional) Specifies the time range that applies to this rule. You can
                              configure a time range by using the time-range command.

Command Default
A newly created MAC ACL contains no rules.
If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater than
the last rule in the ACL.

Command Modes
MAC ACL configuration

Command History
Release    Modification
4.0(1)     This command was introduced.

Usage Guidelines
When the device applies a MAC ACL to a packet, it evaluates the packet with every rule in the ACL. The
device enforces the first rule that has conditions that are satisfied by the packet. When the conditions of more
than one rule are satisfied, the device enforces the rule with the lowest sequence number.
This command does not require a license.

Source and Destination
You can specify the source and destination arguments in one of two ways. In each rule, the method that you
use to specify one of these arguments does not affect how you specify the other argument. When you configure
a rule, use the following methods to specify the source and destination arguments:
• Address and mask—You can use a MAC address followed by a mask to specify a single address or a
group of addresses. The syntax is as follows:
MAC-address MAC-mask
The following example specifies the source argument with the MAC address 00c0.4f03.0a72:
switch(config-acl)# deny 00c0.4f03.0a72 0000.0000.0000 any
The following example specifies the destination argument with a MAC address for all hosts with a MAC
vendor code of 00603e:
switch(config-acl)# deny any 0060.3e00.0000 0000.00ff.ffff
• Any address—You can use the any keyword to specify that a source or destination is any MAC address.
For examples of the use of the any keyword, see the examples in this section. Each of the examples
shows how to specify a source or destination by using the any keyword.
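The first-match evaluation, default sequence numbering and address/mask matching described above, modeled as an added Python example (not Cisco code and not part of the manual) that reports which rule a frame hits and which rules can never be enforced. It assumes the MAC-mask is a wildcard mask in which a 1 bit is ignored, consistent with the all-zero mask used above for a single address, and that the first rule of an empty ACL is numbered 10; the vlan and time-range options are not modeled, and the function names and the sample ACL are illustrative.

```python
ANY = (0, 0xFFFFFFFFFFFF)  # "any": every bit of the address is ignored

def mac_to_int(mac):
    """Dotted-hex MAC (00c0.4f03.0a72) -> 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def parse_acl(lines):
    """Parse '[seq] permit|deny SRC DST'; SRC/DST is 'any' or 'MAC-address MAC-mask'."""
    rules, last_seq = [], 0
    for line in lines:
        tok = line.split()
        seq = int(tok.pop(0)) if tok[0].isdigit() else last_seq + 10  # default: last + 10
        action, specs = tok.pop(0), []
        for _ in range(2):
            n = 1 if tok[0] == "any" else 2
            part, tok = tok[:n], tok[n:]
            specs.append(ANY if n == 1 else (mac_to_int(part[0]), mac_to_int(part[1])))
        rules.append((seq, action, specs[0], specs[1]))
        last_seq = max(last_seq, seq)
    return sorted(rules, key=lambda r: r[0])

def covers(outer, inner):
    """True if `outer` matches every address `inner` does (assumed wildcard mask: 1 = ignore)."""
    (oa, om), (ia, im) = outer, inner
    return (im & ~om) == 0 and (oa & ~om) == (ia & ~om)

def first_match(rules, src, dst):
    """(seq, action) of the rule the device would enforce for a frame, else None."""
    s, d = (mac_to_int(src), 0), (mac_to_int(dst), 0)
    for seq, action, rs, rd in rules:
        if covers(rs, s) and covers(rd, d):
            return seq, action
    return None

def shadowed(rules):
    """Sequence numbers of rules fully covered by a lower-numbered rule."""
    return [seq for i, (seq, _, s, d) in enumerate(rules)
            if any(covers(p[2], s) and covers(p[3], d) for p in rules[:i])]

# Constructed sample ACL (not from the manual); the rule numbered 5 is entered third.
ACL = parse_acl([
    "deny 00c0.4f03.0a72 0000.0000.0000 any",
    "deny any 0060.3e00.0000 0000.00ff.ffff",
    "5 permit 00c0.4f00.0000 0000.00ff.ffff any",
    "permit any any",
])
```

In the constructed ACL, the deny at sequence 10 is reported as shadowed because the broader permit at sequence 5 is evaluated first.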