CLI Guide
mac access-group
Apply a MAC ACL to traffic entering or exiting an interface. Enter into the Interface mode and apply the
MAC ACL in the following manner.
Syntax
mac access-group access-list-name {in [vlan vlan-range] | out}
To delete a MAC access-group, use the no mac access-group mac-list-
name command.
Parameters
access-list-name Enter the name of a configured MAC access list, up to 140
characters.
vlan vlan-range (OPTIONAL) Enter the keyword vlan and then enter a range
of VLANs. The range is from 1 to 4094 (you can use IDs 1 to
4094).
NOTE: This option is available only with the keywordin
option.
in Enter the keyword in to configure the ACL to filter
incoming traffic.
out Enter the keyword out to configure the ACL to filter
outgoing traffic.
Defaults none
Command Modes INTERFACE
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information You can assign one ACL (standard or extended) to an interface.
In case of applying a MAC ACL to traffic entering or exiting a VLAN interface. Enter
the VLAN interface mode and apply the mac acl in the following manner.
mac access-group access-list-name {in | out}
1. If the MAC ACL is applied on VLAN, none of the VLAN members should have
an access list applied for that VLAN.
2. If the MAC ACL is applied on a Physical or Port Channel interface, the VLAN in
which this port is associated should not have an access list applied.
3. If the MAC ACL is applied on a VLAN, then that VLAN should not belong to
VLAN ACL group.
4. If the MAC ACL is applied on a VLAN ACL group, then none of the VLANs in
that group should have an access list applied on it.
Access Control Lists (ACL)
205