Reference v4.1.0 Instruction Manual
440 Network OS Command Reference
53-1003115-01
mac access-group
2
mac access-group
Applies rules specified in a MAC access control list (ACL) to traffic entering or exiting an interface.
Synopsis mac access-group name {in | out}
no mac access-group name {in | out}
Operands name Specifies the name of the standard or extended MAC access list.
in Specifies to filter inbound packets only.
out Specifies to filter outbound packets only.
Defaults No access lists are applied to the interface.
Command Modes Interface subtype configuration mode
Description Use this command to apply a MAC ACL to a supported interface.
Create the MAC ACL by using the mac access-list global configuration command.
Usage Guidelines You can assign one MAC ACL (standard or extended) to an interface.
When a packet is received on an interface with a MAC ACL applied, the switch checks the rules in
the ACL. If any of the rules match, the switch permits or drops the packet, according to the rule.
If the specified ACL does not exist, the switch permits all the packets.
Enter no mac access-group name {in | out} to remove the MAC ACL from the interface.
Examples To apply an ingress MAC ACL named macacl2, and to filter inbound packets only, on a specific
10-gigabit Ethernet interface:
switch(config)# interface tengigabitethernet 178/0/9
switch(conf-if-te-178/0/9)# mac access-group macacl2 in
To remove an ingress MAC ACL named macacl2 from a specific port-channel interface:
switch(config)# interface port-channel 62
switch(conf-port-channel-62)# no mac access-group macacl2 in
See Also interface, mac access-list extended, mac access-list standard