Installation and Getting Started Guide
If you are modifying an existing MAC filter group, click on the Modify button to the right of the row
describing the filter group to display the Filter Group configuration panel, as shown in the following
16. Select the port (and slot, if applicable) for which you are configuring the filter group. You can configure one
MAC filter group on each port.
17. Enter the filter numbers in the Filter ID List field. Separate each filter number from the next one by a single
space. The software applies the filters in the order you list them, from left to right. When a packet matches a
filter, the software stops comparing the packet against the filter list and applies the action specified in the
18. Click the Add button to save the filter to the device's running-config file.
19. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device's flash memory.
Enabling Logging of Packets Denied by MAC Filters
You can configure the HP device to generate Syslog entries and SNMP traps for packets that are denied by Layer
2 MAC filters. You can enable logging of denied packets on a global basis or an individual port basis.
See Example 4 in the "show logging" section in the "Show Commands" chapter of the Command Line Interface
Reference for a description of how the timer for the entries works. Layer 2 MAC filters and IP access policies use
the same timer, whereas Access Control Lists (ACLs) use a separate timer, but the timers work the same way.
Thus, the description of how the ACL timer works also applies to the Layer 2 MAC filters and IP access policies.
USING THE CLI
To configure Layer 2 MAC filter logging globally, enter the following CLI commands at the global CONFIG level:
HP9300(config)# mac filter log_en
HP9300(config)# write memory
Syntax: [no] mac filter log_en
To configure Layer 2 MAC filter logging for MAC filters applied to ports 1/1 and 3/3, enter the following CLI
HP9300(config)# int ethernet 1/1
HP9300(config-if-1/1)# mac filter-group log_en
HP9300(config-if-1/1)# int ethernet 3/3
HP9300(config-if-3/3)# mac filter-group log_en
HP9300(config-if-3/3)# write memory
Syntax: [no] mac filter-group log_en
USING THE WEB MANAGEMENT INTERFACE
You cannot configure a Layer 2 MAC filter to generate Syslog entries and SNMP traps for denied packets using
the Web management interface.
9 - 54