match
(for MAC groups)
Syntax
[seq <SEQ-ID>] match {mac <MAC-ADDR> | mac-mask <MAC-MASK> | mac-oui <MAC-OUI>}
no [seq <SEQ-ID>] match {mac <MAC-ADDR> | mac-mask <MAC-MASK> | mac-oui <MAC-OUI>}
Description
Defines a rule to match devices for a MAC group based on the criteria of MAC address, MAC address mask, or MAC Organizational Unique Identifier (OUI). Up to 64 match rules can be defined for a group.
You must not configure the following special MAC addresses:
Null MAC—For example, 00:00:00:00:00:00 or 00:00:00/32
Multicast MAC
Broadcast MAC—For example, ff:ff:ff:ff:ff:ff:ff
System MAC
Although the switch accepts these addresses, it will not process these addresses for the local MAC match feature.
The
no
form of this command removes a rule for adding devices to a MAC group.
The number of clients that can onboard based on the match criteria is configured in the
aaa authentication port-access client-limit
command. For information about this command, see the
Security Guide for your switch.
Command context
config-mac-group
Parameters
seq <SEQ-ID>
- Specifies the entry sequence ID of the rule to create or modify a MAC group. If no ID is specified when adding a rule, an ID is automatically assigned in increments of 10 in the order in which rules are added. When more than one rule matches the command entered, the rule with the lowest ID takes precedence. Range:
1
to4294967295
. mac <MAC-ADDR>
Specifies the MAC address of the device.
mac-mask <MAC-MASK>
Specifies the MAC address mask to add devices in that range. Supported MAC address masks:
/32
and/40
.mac-oui <MAC-OUI>
Specifies the MAC OUI to add devices in that range. Supports MAC OUI address of maximum length of 24 bits.
Authority
Administrators or local user group members with execution rights for this command.
Examples
Adding a device to the MAC group grp01 based on complete MAC address:
switch(config)# mac-group grp01 switch(config-mac-group)# match mac 1a:2b:3c:4d:5e:6f switch(config-mac-group)# exit
Adding devices to the MAC group grp02 based on MAC mask:
switch(config)# mac-group grp01 switch(config-mac-group)# match mac-mask 1a:2b:3c:4d:5e/40 switch(config-mac-group)# match mac-mask 18:e3:ab:73/32 switch(config-mac-group)# exit
Adding devices to the MAC group grp03 based on MAC OUI:
switch(config)# mac-group grp03 switch(config-mac-group)# match mac-oui 81:cd:93 switch(config-mac-group)# exit
Adding devices to the MAC group grp01 with MAC entry sequence number and based on MAC address:
switch(config)# mac-group grp01 switch(config-mac-group)# seq 10 match mac b2:c3:44:12:78:11 switch(config-mac-group)# exit switch(config)# do show running-config Current configuration: ! !Version ArubaOS-CX Virtual.10.0X.0001 !export-password: default led locator on ! ! vlan 1 interface mgmt no shutdown ip dhcp mac-group grp01 seq 10 match mac b2:c3:44:12:78:11 ```
Removing devices from the MAC group grp01 based on sequence number:
switch(config)# mac-group grp01 switch(config-mac-group)# no match seq 10 switch(config-mac-group)# exit switch(config)# do show running-config Current configuration: ! !Version ArubaOS-CX Virtual.10.0X.0001 !export-password: default led locator on ! ! vlan 1 interface mgmt no shutdown ip dhcp mac-group grp01 ```
Adding devices to the MAC group grp01 with MAC entry sequence number and based on MAC address, MAC address mask, and MAC OUI:
switch(config)# mac-group grp01 switch(config-mac-group)# seq 10 match mac b2:c3:44:12:78:11 switch(config-mac-group)# seq 20 match mac-oui 1a:2b:3c switch(config-mac-group)# seq 30 match mac-mask 71:14:89:f3/32 switch(config-mac-group)# exit switch(config)# do show running-config Current configuration: ! !Version ArubaOS-CX Virtual.10.0X.0001 !export-password: default led locator on ! ! vlan 1 interface mgmt no shutdown ip dhcp mac-group grp01 seq 10 match mac b2:c3:44:12:78:11 seq 20 match mac-oui 1a:2b:3c seq 30 match mac-mask 71:14:89:f3/32 ```
Removing devices from the MAC group grp01 based on MAC OUI:
switch(config)# mac-group grp01 switch(config-mac-group)# no seq 20 match mac-oui 1a:2b:3c switch(config-mac-group)# exit switch(config)# do show running-config Current configuration: ! !Version ArubaOS-CX Virtual.10.0X.0001 !export-password: default led locator on ! ! vlan 1 interface mgmt no shutdown ip dhcp mac-group grp01 seq 10 match mac b2:c3:44:12:78:11 seq 30 match mac-mask 71:14:89:f3/32 ```
Adding devices to the MAC group grp03 with MAC entry sequence number and based on MAC address mask:
switch(config)# mac-group grp03 switch(config-mac-group)# seq 10 match mac-mask 10:14:a3:b7:55/40 switch(config-mac-group)# exit switch(config)# do show running-config Current configuration: ! !Version ArubaOS-CX Virtual.10.0X.0001 !export-password: default led locator on ! ! vlan 1 interface mgmt no shutdown ip dhcp mac-group grp03 seq 10 match mac-mask 10:14:a3:b7:55/40 ```
Removing devices from the MAC group grp03 based on MAC address mask:
switch(config)# mac-group grp03 switch(config-mac-group)# no seq 10 match mac-mask 10:14:a3:b7:55/40 switch(config-mac-group)# exit switch(config)# do show running-config Current configuration: ! !Version ArubaOS-CX Virtual.10.0X.0001 !export-password: default led locator on ! ! vlan 1 interface mgmt no shutdown ip dhcp mac-group grp03 ```