This table shows the licensing requirements for this feature.
MAC ACLs require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For an explanation of the Cisco NX-OS licensing scheme, see the Cisco Nexus 7000 Series NX-OS Licensing Guide, Release 4.2.
Prerequisites for MAC ACLs
There are no prerequisites for configuring MAC ACLs.
Guidelines and Limitations for MAC ACLs
MAC ACLs have the following configuration guidelines and limitations:
MAC ACLs apply to ingress traffic only.
ACL statistics are not supported if the DHCP snooping feature is enabled.
Default Settings for MAC ACLs
This table lists the default settings for MAC ACL parameters.
Copies the running configuration to the startup configuration.
Changing Sequence Numbers in a MAC ACL
You can change all the sequence numbers assigned to rules in a MAC ACL. Resequencing is useful when you need to insert rules into an ACL and there are not enough available sequence numbers.
2.resequence mac access-list name starting-sequence-numberincrement
3.(Optional) show mac access-listsname
4.(Optional) copy running-config startup-config
Command or Action
switch# configure terminal
Enters global configuration mode.
resequence mac access-list name starting-sequence-numberincrement
switch(config)# resequence mac access-list acl-mac-01 100 10
Assigns sequence numbers to the rules contained in the ACL, where the first rule receives the number specified by the starting-sequence number that you specify. Each subsequent rule receives a number larger than the preceding rule. The difference in numbers is determined by the increment number that you specify.
You can enable or disable MAC packet classification on a Layer 2 interface.
Before You Begin
The interface must be configured as a Layer 2 interface.
If the interface is configured with the ip port access-group command or the ipv6 port traffic-filter command, you cannot enable MAC packet classification until you remove the ip port access-group and ipv6 port traffic-filter commands from the interface configuration.
2.Enter one of the following commands:
3. [no] mac packet-classify
4.(Optional) Enter one of the following commands:
show running-config interface ethernet slot/port
show running-config interface port-channelchannel-number