We will see how to manage mac filtering with commands line on Cisco SG switch series.
Let see how to allow only 00:11 MAC addresses family and 24:B6:FD:14:08:53 host. Any others addresses will be rejectedConfiguration
Create ACL
Switch (config)# mac access-list extended MF01
Switch (config-mac-al)# permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any ace-priority 20
Switch (config-mac-al)# permit 48:bd:0e:02:ea:41 00:00:00:00:00:00 any ace-priority 10
Switch (config-mac-al)# permit 00:11:00:00:00:00 00:00:FF:FF:FF:FF any ace-priority 8
Switch (config-mac-al)# deny any any ace-priority 40
Associate MF01 acl to interfaces
Switch (config)# interface range ge1/0/4-18
Switch (config-if-range)# service-acl input MF01
Switch (config-if-range)# no service-acl input MF01
Useful Commands
Switch # show access-lists MF01
Extended MAC access list MF01
permit host 48:bd:0e:02:ea:41 any ace-priority 10
permit host 24:b6:fd:14:08:53 any ace-priority 20
deny any any ace-priority 40
Switch (config)# mac access-list extended MF01
Switch(config-mac-al)# no permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any
Switch (config)# no mac access-list extended MF01
Example
Switch (config)# mac access-list extended MF01
Switch (config-mac-al)# permit 00:11:00:00:00:00 00:00:FF:FF:FF:FF any
Switch (config-mac-al)# permit 24:B6:FD:14:08:53 00:00:00:00:00:00 any
Switch (config-mac-al)# deny any any
Switch (config)# interface range ge1/0/1-24
Switch (config-if-range)# service-acl input MF01
Contact :
Fr