Access Control List Commands
23-6
23
access-list ip mask-precedence
This command changes to the IP Mask mode used to configure access control
masks. Use the no form to delete the mask table.
Syntax
[no] access-list ip mask-precedence {in | out}
• in – Ingress mask for ingress ACLs.
• out – Egress mask for egress ACLs.
Default Setting
Default system mask: Filter inbound packets according to specified IP ACLs.
Command Mode
Global Configuration
Command Usage
• A mask can only be used by all ingress ACLs or all egress ACLs.
• The precedence of the ACL rules applied to a packet is not determined by
order of the rules, but instead by the order of the masks; i.e., the first mask
that matches a rule will determine the rule that is applied to a packet.
• You must configure a mask for an ACL rule before you can bind it to a port or
set the queue or frame priorities associated with the rule.
Example
Related Commands
mask (IP ACL) (23-6)
ip access-group (23-11)
mask (IP ACL)
This command defines a mask for IP ACLs. This mask defines the fields to check in
the IP header. Use the no form to remove a mask.
Syntax
[no] mask [protocol]
{any | host | source-bitmask}
{any | host | destination-bitmask}
[precedence] [tos] [dscp]
[source-port [port-bitmask]] [destination-port [port-bitmask]]
[control-flag [flag-bitmask]]
• protocol – Check the protocol field.
• any – Any address will be matched.
• host – The address must be for a host device, not a subnetwork.
• source-bitmask – Source address of rule must match this bitmask.
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#
To Next Page
Loading...
