Reference Guide

Access Control Lists (ACL)
Defaults
Not configured

Command Modes
CONFIGURATION

Command History
Version 8.3.11.1      Introduced on the Z9000.
Version 8.1.1.0       Introduced on E-Series ExaScale
Version 7.8.1.0       Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16 characters long.
Version 7.6.1.0       Support added for S-Series
Version 7.5.1.0       Support added for C-Series
pre-Version 6.1.1.0   Introduced for E-Series

Usage Information
FTOS supports one ingress and one egress MAC ACL per interface.
Prior to 7.8.1.0, names are up to 16 characters long.
The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL.
C-Series and S-Series support ingress ACLs only.

Example
Figure 6-7. Command Example: mac-access-list standard
FTOS(conf)#mac-access-list access-list standard TestMAC
FTOS(config-std-macl)#?
deny          Specify packets to reject
description   List description
exit          Exit from access-list configuration mode
no            Negate a command or set its defaults
permit        Specify packets to forward
remark        Specify access-list entry remark
seq           Sequence numbers
show          Show Standard ACL configuration

permit
c e s z
Configure a filter to forward packets from a specific source MAC address.

Syntax
permit {any | mac-source-address [mac-source-address-mask]} [count [byte]] | [log] [monitor]
To remove this filter, you have two choices:
Use the no seq sequence-number command syntax if you know the filter's sequence number or
Use the no permit {any | mac-source-address mac-source-address-mask} command.

Parameters
any                       Enter the keyword any to forward all packets received with a MAC address.
mac-source-address        Enter a MAC address in nn:nn:nn:nn:nn:nn format.
mac-source-address-mask   (OPTIONAL) Specify which bits in the MAC address must match. If no mask is specified, a mask of 00:00:00:00:00:00 is applied (in other words, the filter allows only MAC addresses that match).
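
The following Python example is added here and is not part of the FTOS guide. It evaluates source MAC addresses against permit/deny filter lines to show how the optional mask changes what a filter forwards. It assumes that 0 bits in the mask must match and 1 bits are ignored (inferred from the documented default of 00:00:00:00:00:00), that the first matching filter wins, and that a packet matching no filter is denied; the function names and the sample ACL are constructed.

```python
# Added example: evaluate source MACs against standard MAC ACL filter lines.
# Assumption: a 0 bit in the mask means "must match" (inferred from the
# documented default mask 00:00:00:00:00:00 = exact match); 1 bits are ignored.
import re

MAC_RE = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$")

def mac_to_int(mac):
    """Convert nn:nn:nn:nn:nn:nn to a 48-bit integer, rejecting other forms."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address in nn:nn:nn:nn:nn:nn format: {mac!r}")
    return int(mac.replace(":", ""), 16)

def parse_filter(line):
    """Parse '[seq N] permit|deny {any | mac [mask]} [options...]'."""
    tokens = line.split()
    seq = None
    if tokens[0] == "seq":
        seq, tokens = int(tokens[1]), tokens[2:]
    action, args = tokens[0], tokens[1:]
    if action not in ("permit", "deny") or not args:
        raise ValueError(f"unsupported filter: {line!r}")
    if args[0] == "any":
        addr, mask = 0, (1 << 48) - 1        # every bit ignored
    else:
        addr = mac_to_int(args[0])
        # A mask is present only if the next token looks like a MAC address;
        # otherwise it is an option such as count, log or monitor.
        has_mask = len(args) > 1 and MAC_RE.match(args[1])
        mask = mac_to_int(args[1]) if has_mask else 0
    return seq, action, addr, mask

def evaluate(filters, src_mac):
    """Return (action, seq) of the first matching filter for src_mac."""
    src = mac_to_int(src_mac)
    care_all = (1 << 48) - 1
    for seq, action, addr, mask in filters:
        care = care_all & ~mask              # bits that must match
        if (src & care) == (addr & care):
            return action, seq
    return "deny", None                      # assumption: implicit deny at end

# Constructed sample ACL, not taken from the guide; listed in sequence order.
SAMPLE_ACL = [parse_filter(l) for l in (
    "seq 5 permit 00:01:e8:aa:bb:01 count",
    "seq 10 permit 00:01:e8:00:00:00 00:00:00:ff:ff:ff log",
)]
```

Running candidate filters through `evaluate` before applying them shows when a mask is broader than intended, for example a filter meant for one host that forwards a whole vendor prefix.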