Users Guide
mac access-group
Apply a MAC ACL to trac entering or exiting an interface. Enter into the Interface mode and apply the MAC ACL in the following manner.
Syntax
mac access-group access-list-name {in [vlan vlan-range] | out}
To delete a MAC access-group, use the no mac access-group mac-list-name command.
Parameters
access-list-name Enter the name of a congured MAC access list, up to 140 characters.
vlan vlan-range (OPTIONAL) Enter the keyword vlan and then enter a range of VLANs. The range is
from 1 to 4094 (you can use IDs 1 to 4094).
NOTE: This option is available only with the keywordin option.
in Enter the keyword in to congure the ACL to lter incoming trac.
out Enter the keyword out to congure the ACL to lter outgoing trac.
Defaults none
Command Modes INTERFACE
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information You can assign one ACL (standard or extended) to an interface.
In case of applying a MAC ACL to trac entering or exiting a VLAN interface. Enter the VLAN interface mode and
apply the mac acl in the following manner.
mac access-group access-list-name {in | out}
1 If the MAC ACL is applied on VLAN, none of the VLAN members should have an access list applied for that
VLAN.
2 If the MAC ACL is applied on a Physical or Port Channel interface, the VLAN in which this port is associated
should not have an access list applied.
3 If the MAC ACL is applied on a VLAN, then that VLAN should not belong to VLAN ACL group.
4 If the MAC ACL is applied on a VLAN ACL group, then none of the VLANs in that group should have an
access list applied on it.
Related Commands
mac access-list standard — congures a standard MAC ACL.
mac access-list extended — congures an extended MAC ACL.
Access Control Lists (ACL) 183