Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2(1) (OL-16599-01, March 2009)

Chapter 6 Security Commands
mac access-list
To create a Media Access Control (MAC) access control list (ACL) or to enter MAC access list
configuration mode for a specific ACL, use the mac access-list command. To remove a MAC ACL, use
the no form of this command.
mac access-list access-list-name
no mac access-list access-list-name
Syntax Description

access-list-name    Name of the MAC ACL.

Command Default

No MAC ACLs are defined by default.

Command Modes

Configuration mode

Command History

Release         Modification
4.0(0)N1(1a)    This command was introduced.

Usage Guidelines

Use MAC ACLs to filter non-IP traffic. If you disable packet classification, you can use MAC ACLs to filter all traffic.

When you use the mac access-list command, the switch enters MAC access list configuration mode, where you can use the MAC deny and permit commands to configure rules for the ACL. If the ACL specified does not exist, the switch creates it when you enter this command.

Use the mac access-group command to apply the ACL to an interface.

Every MAC ACL has the following implicit rule as its last rule:

deny any any protocol

This implicit rule ensures that the switch denies the unmatched traffic, regardless of the protocol specified in the Layer 2 header of the traffic.

Examples

This example shows how to enter MAC access list configuration mode for a MAC ACL named mac-acl-01:

switch(config)# mac access-list mac-acl-01
switch(config-acl)#

Related Commands

Command             Description
deny (MAC)          Configures a deny rule in a MAC ACL.
mac access-group    Applies a MAC ACL to an interface.
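
The implicit rule described under Usage Guidelines, as an added Python example that is not part of the Cisco reference: a simplified model of MAC ACL evaluation showing that an ACL holding only a deny rule drops every frame it filters, and that an explicit trailing permit changes this. The Rule fields, the first-match evaluation order, the wildcard-mask interpretation and the sample frames are assumptions made for illustration, not NX-OS code or output.

```python
from dataclasses import dataclass
from typing import Optional

MASK48 = 0xFFFFFFFFFFFF

def mac_to_int(mac: str) -> int:
    """Convert dotted-hex notation (0000.aaaa.0001) to an integer."""
    return int(mac.replace(".", ""), 16)

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "any"                # "any" or "<address> <wildcard>"
    dst: str = "any"
    protocol: Optional[int] = None  # EtherType; None matches every protocol

IMPLICIT_DENY = Rule("deny")        # models the implicit "deny any any protocol"

def addr_matches(spec: str, mac: str) -> bool:
    if spec == "any":
        return True
    address, wildcard = spec.split()
    care = ~mac_to_int(wildcard) & MASK48   # assumed: wildcard 1-bits are ignored
    return (mac_to_int(address) & care) == (mac_to_int(mac) & care)

def evaluate(acl, src, dst, ethertype):
    """Return (action, rule) for the first rule that matches the frame."""
    for rule in acl:
        if (addr_matches(rule.src, src) and addr_matches(rule.dst, dst)
                and rule.protocol in (None, ethertype)):
            return rule.action, rule
    return IMPLICIT_DENY.action, IMPLICIT_DENY

def implicit_denies(acl, frames):
    """Frames that no configured rule matched, so only the implicit rule drops them."""
    return [f for f in frames if evaluate(acl, *f)[1] is IMPLICIT_DENY]

# Constructed sample data: (source MAC, destination MAC, EtherType)
FRAMES = [
    ("0000.aaaa.0001", "0000.bbbb.0001", 0x88CC),
    ("0000.aaaa.0002", "0000.bbbb.0001", 0x88CC),
    ("0000.cccc.0001", "0000.bbbb.0001", 0x8906),
]
BLOCK_HOST = Rule("deny", src="0000.aaaa.0001 0000.0000.0000")
DENY_ONLY = [BLOCK_HOST]                    # intent: block a single host
WITH_PERMIT = [BLOCK_HOST, Rule("permit")]  # explicit permit any any at the end

if __name__ == "__main__":
    print(len(implicit_denies(DENY_ONLY, FRAMES)), "frames reach the implicit deny")
    print(len(implicit_denies(WITH_PERMIT, FRAMES)), "after adding an explicit permit")
```

Running a captured or expected traffic sample through implicit_denies before applying an ACL shows which frames would be dropped only because no rule mentions them.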