mac access-group
Applies rules specified in a MAC access control list (ACL) to traffic entering or exiting an interface.
Syntax
mac access-group
ACLname
{
in
|
out
}
no mac access-group
ACLname
{
in
|
out
}
Parameters
-
ACLname
- Specifies the name of the standard or extended MAC access list.
-
in
- Applies the ACL to incoming switched and routed traffic.
-
out
- Applies the ACL to outgoing routed and (for
XGS devices) also to switched traffic.
Modes
Interface-subtype configuration mode
Usage Guidelines
You can apply a maximum of five ACLs to a user interface, as follows:
- One ingress MAC ACL—if the interface is in switchport mode
- One egress MAC ACL—if the interface is in switchport mode
- One ingress IPv4 ACL
- One egress IPv4 ACL
- One ingress IPv6 ACL
On XGS devices, you can apply MAC ACLs to port-channels (LAGs) only ingress.
You can apply an ACL to multiple interfaces. And you can apply an ACL twice—ingress and egress—to a given user interface.
To remove an ACL from an interface, enter the
no form of this command.
Examples
The following example applies a MAC ACL to
filter inbound packets only, on a specified Ethernet interface.
device(config)# interface ethernet 0/1
device(conf-if-eth-0/1)# mac access-group macacl2 in
The following example removes a MAC ACL from a specified port-channel interface.
device(config)# interface port-channel 62
device(config-Port-channel-62)# no mac access-group macacl2 in
