match (for MAC groups)

Syntax

[seq <SEQ-ID>] match {mac <MAC-ADDR> | mac-mask <MAC-MASK> | mac-oui <MAC-OUI>}

no [seq <SEQ-ID>] match {mac <MAC-ADDR> | mac-mask <MAC-MASK> | mac-oui <MAC-OUI>}

Description

Defines a rule to match devices for a MAC group based on the criteria of MAC address, MAC address mask, or MAC Organizational Unique Identifier (OUI). Up to 64 match rules can be defined for a group.

NOTE:

You must not configure the following special MAC addresses:

  • Null MAC—For example, 00:00:00:00:00:00 or 00:00:00/32

  • Multicast MAC

  • Broadcast MAC—For example, ff:ff:ff:ff:ff:ff:ff

  • System MAC

Although the switch accepts these addresses, it will not process these addresses for the local MAC match feature.

The no form of this command removes a rule for adding devices to a MAC group.

The number of clients that can onboard based on the match criteria is configured in the aaa authentication port-access client-limit command. For information about this command, see the Security Guide for your switch.

Command context

config-mac-group

Parameters

seq <SEQ-ID>
Specifies the entry sequence ID of the rule to create or modify a MAC group. If no ID is specified when adding a rule, an ID is automatically assigned in increments of 10 in the order in which rules are added. When more than one rule matches the command entered, the rule with the lowest ID takes precedence. Range: 1 to 4294967295.
mac <MAC-ADDR>

Specifies the MAC address of the device.

mac-mask <MAC-MASK>

Specifies the MAC address mask to add devices in that range. Supported MAC address masks: /32 and /40.

mac-oui <MAC-OUI>

Specifies the MAC OUI to add devices in that range. Supports MAC OUI address of maximum length of 24 bits.

Authority

Administrators or local user group members with execution rights for this command.

Examples

Adding a device to the MAC group grp01 based on complete MAC address:

switch(config)# mac-group grp01
switch(config-mac-group)# match mac 1a:2b:3c:4d:5e:6f
switch(config-mac-group)# exit

Adding devices to the MAC group grp02 based on MAC mask:

switch(config)# mac-group grp01
switch(config-mac-group)# match mac-mask 1a:2b:3c:4d:5e/40
switch(config-mac-group)# match mac-mask 18:e3:ab:73/32
switch(config-mac-group)# exit

Adding devices to the MAC group grp03 based on MAC OUI:

switch(config)# mac-group grp03
switch(config-mac-group)# match mac-oui 81:cd:93
switch(config-mac-group)# exit

Adding devices to the MAC group grp01 with MAC entry sequence number and based on MAC address:

switch(config)# mac-group grp01
switch(config-mac-group)# seq 10 match mac b2:c3:44:12:78:11
switch(config-mac-group)# exit
switch(config)# do show running-config
Current configuration:
!
!Version ArubaOS-CX Virtual.10.0X.0001
!export-password: default
led locator on
!
!
vlan 1
interface mgmt
    no shutdown
    ip dhcp
mac-group grp01
    seq 10 match mac b2:c3:44:12:78:11

```

Removing devices from the MAC group grp01 based on sequence number:

switch(config)# mac-group grp01
switch(config-mac-group)# no match seq 10
switch(config-mac-group)# exit
switch(config)# do show running-config
Current configuration:
!
!Version ArubaOS-CX Virtual.10.0X.0001
!export-password: default
led locator on
!
!
vlan 1
interface mgmt
    no shutdown
    ip dhcp
mac-group grp01

```

Adding devices to the MAC group grp01 with MAC entry sequence number and based on MAC address, MAC address mask, and MAC OUI:

switch(config)# mac-group grp01
switch(config-mac-group)# seq 10 match mac b2:c3:44:12:78:11
switch(config-mac-group)# seq 20 match mac-oui 1a:2b:3c
switch(config-mac-group)# seq 30 match mac-mask 71:14:89:f3/32
switch(config-mac-group)# exit
switch(config)# do show running-config
Current configuration:
!
!Version ArubaOS-CX Virtual.10.0X.0001
!export-password: default
led locator on
!
!
vlan 1
interface mgmt
    no shutdown
    ip dhcp
mac-group grp01
     seq 10 match mac b2:c3:44:12:78:11
     seq 20 match mac-oui 1a:2b:3c
     seq 30 match mac-mask 71:14:89:f3/32

```

Removing devices from the MAC group grp01 based on MAC OUI:

switch(config)# mac-group grp01
switch(config-mac-group)# no seq 20 match mac-oui 1a:2b:3c
switch(config-mac-group)# exit
switch(config)# do show running-config
Current configuration:
!
!Version ArubaOS-CX Virtual.10.0X.0001
!export-password: default
led locator on
!
!
vlan 1
interface mgmt
    no shutdown
    ip dhcp
mac-group grp01
     seq 10 match mac b2:c3:44:12:78:11
     seq 30 match mac-mask 71:14:89:f3/32


```

Adding devices to the MAC group grp03 with MAC entry sequence number and based on MAC address mask:

switch(config)# mac-group grp03
switch(config-mac-group)# seq 10 match mac-mask 10:14:a3:b7:55/40
switch(config-mac-group)# exit
switch(config)# do show running-config
Current configuration:
!
!Version ArubaOS-CX Virtual.10.0X.0001
!export-password: default
led locator on
!
!
vlan 1
interface mgmt
    no shutdown
    ip dhcp
mac-group grp03
     seq 10 match mac-mask 10:14:a3:b7:55/40

```

Removing devices from the MAC group grp03 based on MAC address mask:

switch(config)# mac-group grp03
switch(config-mac-group)# no seq 10 match mac-mask 10:14:a3:b7:55/40
switch(config-mac-group)# exit
switch(config)# do show running-config
Current configuration:
!
!Version ArubaOS-CX Virtual.10.0X.0001
!export-password: default
led locator on
!
!
vlan 1
interface mgmt
    no shutdown
    ip dhcp
mac-group grp03

```