Reference Guide
If no access-list is attached to the interface, no information displays and you are
returned to the DELL# prompt.
Example
show mac accounting access-list
mac access-list standard mac
seq 5 permit 11:22:33:44:55:66 count
seq 10 deny any log threshold-in-msgs 10 interval 5 order 1
seq 15 permit any order 2 monitor
!
Standard MAC ACL Commands
The following commands configure standard MAC ACLs. The C9000 supports both Ingress and Egress
MAC ACLs.
When you create an access control list without any rule and then apply it to an interface, the ACL
behavior reflects implicit permit.
NOTE: For more information, also refer to the Commands Common to all ACL Types and Common
MAC Access List Commands sections.
deny
To drop packets with a matching MAC address, configure a filter.
C9000 Series
Syntax
deny {any | mac-source-address [mac-source-address-mask]}
[count [byte]] [log [interval minutes] [threshold-in-msgs
[count]] [monitor]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s
sequence number.
• Use the no deny {any | mac-source-address mac-source-address-
mask} command.
Parameters
any Enter the keyword any to specify that all routes are subject
to the filter.
mac-source-
address
Enter a MAC address in nn:nn:nn:nn:nn:nn format.
mac-source-
address-mask
(OPTIONAL) Specify which bits in the MAC address must
match. If no mask is specified, a mask of 00:00:00:00:00:00
is applied (in other words, the filter allows only MAC
addresses that match).
count (OPTIONAL) Enter the keyword count to count packets
processed by the filter.
312
Access Control Lists (ACL)