07-29-2017 01:19 PM - edited 03-05-2019 08:55 AM
I have a nexus 3064pq (not X) and all the commands related to applying a mac address access list seem to be missing. I have it upgraded to 7.0(3)I4(6) and I can create a mac access list but all the commands related to applying it to a port or vlan seem to be missing. Beside enabling vlan-interface feature to apply it to a vlan I do not see any other related feature to enable here, so I am not sure why the command is missing.
Is somehow a mac - access list not available on a 3064pq switch, it seems odd ip access-group but not mac access-group would be supported on a switch. Is there something I am missing here?
3064PQ-2-56M-ATL(config)# int eth 1/1
3064PQ-2-56M-ATL(config-if)# mac ?
E.E.E Static Router MAC (2) address (Option 1)
EE-EE-EE-EE-EE-EE Static Router MAC (2) address (Option 2)
EE:EE:EE:EE:EE:EE Static Router MAC (2) address (Option 3)
EEEE.EEEE.EEEE Static Router MAC (2) address (Option 4)
ipv6-extract Extract mac-address (2) from the IPv6 address configured on the interface.
3064PQ-2-56M-ATL(config-if)# ip ?
access-group Specify access control for packets
port Port policy
3064PQ-2-56M-ATL# sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 4.0.0
NXOS: version 7.0(3)I4(6)
BIOS compile time: 12/05/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 02:05:18]
Hardware
cisco Nexus3000 C3064PQ Chassis
Intel(R) Celeron(R) CPU P4505 @ 1.87GHz with 3903304 kB of memory.
Processor Board ID FOC172125T1
Device name: 3064PQ-2-56M-ATL
bootflash: 1638000 kB
usb1: 0 kB (expansion flash)
Kernel uptime is 0 day(s), 0 hour(s), 34 minute(s), 48 second(s)
Last reset at 10886 usecs after Sat Jul 29 15:40:41 2017
Reason: Disruptive upgrade
System version: 6.0(2)U6(5)
Service:
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
07-29-2017 09:02 PM
Could you please share the output of "show run int e1/1". Could you please try to configure switchport under the interface and then see if you get an option for mac ACL.
Thanks
Vinit
07-31-2017 04:53 AM
I have the exact same problem.
Version:
Software
BIOS: version 4.0.0
NXOS: version 7.0(3)I4(6)
BIOS compile time: 12/06/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 14:05:18]
Hardware
cisco Nexus3064 Chassis
Intel(R) Celeron(R) CPU P4505 @ 1.87GHz with 3903304 kB of memory.
From "show hardware":
Switch is booted up
Switch type is : Nexus3064 Chassis
Model number is N3K-C3064PQ-10GE
H/W version is 1.0
Part Number is 68-4339-01
Part Revision is A0
Manufacture Date is Year 2012 Week 1
Trying to configure/create a MAC access-list is impossible, the only command available is "mac address-table":
s01(config)# mac ?
address-table MAC Address Table
s01(config)# mac access-list test
^
% Invalid command at '^' marker.
The "show mac access-list" is there, shows obviously nothing since the "mac access-list" command is missing:
s01# show mac access-lists
s01#
I am extremely disappointed with these Nexus 3000 switches, they are full of bugs and missing features. This is just one of many issues.
07-31-2017 06:12 AM
There is no configuration here besides it being set as a trunk:
!Command: show running-config interface Ethernet1/1
!Time: Mon Jul 31 09:03:29 2017
version 7.0(3)I4(6)
interface Ethernet1/1
switchport mode trunk
I have noted now before I upgraded the firmware I was able to use the mac-list command to make a list, but there was no way to apply it to an interface, now I upgraded the config the mac-list command is missing too, so it is looking like mac access lists are just not supported on the nexus 3064 pq for some reason. I was just hoping there was some feature I was missing or something here that was not on by default, in our nexus 5020 we can do this with no issues and have all the same features enabled in the config.
07-31-2017 07:26 AM
I have updated to the latest NX-OS 7.0(3)I6(1) and the "mac access-list" command is still missing.
I have found no documentation about MAC ACL being not supported on 3064-E / 3064PQ or that it would be supported only on some platforms.
The Cisco Nexus 3000 configuration guide and command reference definitely list MAC ACL and "mac access-list" command.
It is a grave error to not document a platform limitation like this if it truly is not supported!!!
09-11-2017 03:32 PM
09-29-2017 10:20 AM
If you check in the linked article above, though there is a Title " Information about mac acls" it doesnt actually link to anything and there is no actual information anywhere in there about mac acls, and all the commands lised in other documents about mac acls are missing in the nexus 3064pq.
It seems this feature is just missing on the 3064pq, its just that cisco doesnt come out and say it directly is or isn't supported in any document, just the information is conspicously missing in articles like the above.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide