cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1926
Views
0
Helpful
6
Replies

nexus 3064pq mac filter

acceleration352
Level 1
Level 1

I have a nexus 3064pq (not X) and all the commands related to applying a mac address access list seem to be missing. I have it upgraded to 7.0(3)I4(6) and I can create a mac access list but all the commands related to applying it to a port or vlan seem to be missing. Beside enabling vlan-interface feature to apply it to a vlan I do not see any other related feature to enable here, so I am not sure why the command is missing.

Is somehow a mac - access list not available on a 3064pq switch, it seems odd ip access-group but not mac access-group would be supported on a switch. Is there something I am missing here?

3064PQ-2-56M-ATL(config)# int eth 1/1

3064PQ-2-56M-ATL(config-if)# mac ?
  E.E.E              Static Router MAC (2) address (Option 1)
  EE-EE-EE-EE-EE-EE  Static Router MAC (2) address (Option 2)
  EE:EE:EE:EE:EE:EE  Static Router MAC (2) address (Option 3)
  EEEE.EEEE.EEEE     Static Router MAC (2) address (Option 4)
  ipv6-extract       Extract mac-address (2) from the IPv6 address configured on the interface.

3064PQ-2-56M-ATL(config-if)# ip ?
  access-group  Specify access control for packets
  port          Port policy

3064PQ-2-56M-ATL# sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source.  This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0  or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.

Software
  BIOS: version 4.0.0
  NXOS: version 7.0(3)I4(6)
  BIOS compile time:  12/05/2016
  NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
  NXOS compile time:  3/9/2017 22:00:00 [03/10/2017 02:05:18]


Hardware
  cisco Nexus3000 C3064PQ Chassis
  Intel(R) Celeron(R) CPU        P4505  @ 1.87GHz with 3903304 kB of memory.
  Processor Board ID FOC172125T1

  Device name: 3064PQ-2-56M-ATL
  bootflash:    1638000 kB
  usb1:               0 kB (expansion flash)

Kernel uptime is 0 day(s), 0 hour(s), 34 minute(s), 48 second(s)

Last reset at 10886 usecs after  Sat Jul 29 15:40:41 2017

  Reason: Disruptive upgrade
  System version: 6.0(2)U6(5)
  Service:

plugin
  Core Plugin, Ethernet Plugin

Active Package(s):

6 Replies 6

Vinit Jain
Cisco Employee
Cisco Employee

Could you please share the output of "show run int e1/1". Could you please try to configure switchport under the interface and then see if you get an option for mac ACL.

Thanks

Vinit

Thanks
--Vinit

I have the exact same problem.

Version:

Software
BIOS: version 4.0.0
NXOS: version 7.0(3)I4(6)
BIOS compile time: 12/06/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 14:05:18]


Hardware
cisco Nexus3064 Chassis
Intel(R) Celeron(R) CPU P4505 @ 1.87GHz with 3903304 kB of memory.

From "show hardware":

Switch is booted up
Switch type is : Nexus3064 Chassis
Model number is N3K-C3064PQ-10GE
H/W version is 1.0
Part Number is 68-4339-01
Part Revision is A0
Manufacture Date is Year 2012 Week 1

Trying to configure/create a MAC access-list is impossible, the only command available is "mac address-table":

s01(config)# mac ?
address-table MAC Address Table

s01(config)# mac access-list test
^
% Invalid command at '^' marker.

The "show mac access-list" is there, shows obviously nothing since the "mac access-list" command is missing:

s01# show mac access-lists
s01#

I am extremely disappointed with these Nexus 3000 switches, they are full of bugs and missing features. This is just one of many issues.

There is no configuration here besides it being set as a trunk:

 


!Command: show running-config interface Ethernet1/1
!Time: Mon Jul 31 09:03:29 2017

version 7.0(3)I4(6)

interface Ethernet1/1
  switchport mode trunk

I have noted now before I upgraded the firmware I was able to use the mac-list command to make a list, but there was no way to apply it to an interface, now I upgraded the config the mac-list command is missing too, so it is looking like mac access lists are just not supported on the nexus 3064 pq for some reason. I was just hoping there was some feature I was missing or something here that was not on by default, in our nexus 5020 we can do this with no issues and have all the same features enabled in the config.

I have updated to the latest NX-OS 7.0(3)I6(1) and the "mac access-list" command is still missing.

I have found no documentation about MAC ACL being not supported on 3064-E / 3064PQ or that it would be supported only on some platforms.

The Cisco Nexus 3000 configuration guide and command reference definitely list MAC ACL and "mac access-list" command.

It is a grave error to not document a platform limitation like this if it truly is not supported!!!

If you check in the linked article above, though there is a Title " Information about mac acls" it doesnt actually link to anything and there is no actual information anywhere in there about mac acls, and all the commands lised in other documents about mac acls are missing in the nexus 3064pq.

 

It seems this feature is just missing on the 3064pq, its just that cisco doesnt come out and say it directly is or isn't supported in any document, just the information is conspicously missing in articles like the above.

Review Cisco Networking for a $25 gift card