Configuring the Switch
CLI – This example creates an IP ingress mask, and then adds two rules. Each rule
is checked in order of precedence to look for a match in the ACL entries. The first
entry matching a mask is applied to the inbound packet.
Configuring an IP ACL Mask
This mask defines the fields to check in the IP header.
Command Usage
• Masks that include an entry for a Layer 4 protocol source port or destination port
can only be applied to packets with a header length of exactly five bytes.
Command Attributes
• Source/Destination Address Type – Specifies the source or destination IP
address. Use “Any” to match any address, “Host” to specify a host address (not
a subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP;
Default: Any)
• Source/Destination Subnet Mask – Subnet mask for source or destination
address. (See the description for SubMask on page 3-75.)
• Protocol Mask – Check the protocol field.
• Service Type Mask – Check the rule for the specified priority type.
(Options: Precedence, TOS, DSCP; Default: TOS)
• Source/Destination Port Bitmask – Protocol port of rule must match this bitmask.
(Range: 0-65535)
• Control Code Bitmask – Control flags of rule must match this bitmask.
(Range: 0-63)
Console(config)#access-list ip mask-precedence in          4-117
Console(config-ip-mask-acl)#mask host any                  4-118
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#
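
The precedence behaviour described in the CLI note, as an added Python sketch that is not from the manual: it models source-address masks only, using the two masks from the CLI example (host, then 255.255.255.0). The rule entries, the addresses, and the assumption that a rule is evaluated only under the mask equal to its own subnet mask are constructed for illustration.

```python
import ipaddress


def ip(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def first_match(masks, rules, src):
    """Walk the ingress masks in precedence order and return
    (action, mask, rule_index) for the first ACL entry that matches,
    or None when no entry matches under any mask."""
    pkt = ip(src)
    for mask in masks:                      # mask order drives the search,
        m = ip(mask)                        # not the order rules were entered
        for idx, (action, addr, rule_mask) in enumerate(rules):
            if ip(rule_mask) != m:          # assumption: rule belongs to this mask
                continue
            if (pkt & m) == (ip(addr) & m):
                return action, mask, idx
    return None


# "mask host any" then "mask 255.255.255.0 any" from the CLI example;
# "host" compares all 32 bits, destination "any" is not modelled.
MASKS = ["255.255.255.255", "255.255.255.0"]

# Constructed ACL entries: the broad permit is entered before the host deny.
RULES = [
    ("permit", "10.1.1.0", "255.255.255.0"),
    ("deny", "10.1.1.1", "255.255.255.255"),
]

if __name__ == "__main__":
    for src in ("10.1.1.1", "10.1.1.7", "192.168.5.9"):
        print(src, "->", first_match(MASKS, RULES, src))
    # Same rules, masks in the opposite precedence: the host deny is shadowed.
    print("reversed ->", first_match(MASKS[::-1], RULES, "10.1.1.1"))
```

With the host mask first, the deny for 10.1.1.1 wins even though the permit was entered earlier; reversing the mask order lets the subnet permit match first, which is the misconfiguration to check for when reviewing a mask list.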