Hello,

I have a switch 3850 with IOS-XE 03.02.03.SE. 

I am trying to filter by MAC address using Vlan access-map, but it is not working.

So, I am trying to troubleshoot but there is no 'log' commnads as point in the config guide: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/security/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01010.html#ID2496

SW(config)#vlan access-map ALLOWED_DEVICES_VLAN 20
SW(config-access-map)# action drop ?
<cr>

SW(config-access-map)# action drop

My configuration is:

mac access-list extended ALLOWED_DEVICES_MAC
permit host 0000.0cX.X any
permit host 1005.caX.X any
permit host 1803.73X.X any
permit host 1803.73X.X any
permit host 1803.73X.X any
permit host 1803.73X.X any
permit host 1803.73X.X any
permit host 1803.73X.X any
permit host 1803.73X.X any
permit host 1803.73X.X any
permit host 1803.73X.X any
permit host 2047.47X.X any
permit host 2047.47X.X any
permit host 2047.47X.X any
permit host 3820.56X.X any
permit host 84b2.61X.X any
permit host 84b2.61X.X any
permit host 649e.f3X.X any
!
!
vlan access-map ALLOWED_DEVICES_VLAN 10
match mac address ALLOWED_DEVICES_MAC
action forward
vlan access-map ALLOWED_DEVICES_VLAN 20
action drop
!

Is it possible that I can be affected by a bug?

Could anyone suggest a debug command?

Thanks for your help,

Sergio