Configuring the ECN330-switch
166 1553-KDU 137 365 Uen D 2006-06-16
6.6.2 Configuring ACL Masks
Masks must be specified that control the order in which ACL rules are checked.
For example, the order in which the rules shown in Figure 57 on page 163 are
checked depends on the mask settings. ACL rules matching the first entry in the
mask are checked first. Rules matching subsequent entries in the mask are then
checked in the specified order.
The ECN330-switch includes two system default masks that pass/filter packets
matching the permit/deny rules specified in an ingress ACL. Up to seven user-
defined masks can also be configured for an ingress or egress ACL. A mask
must be bound exclusively to one of the basic ACL types (that is, Ingress IP ACL,
Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a mask can be
bound to up to four ACLs of the same type.
Command Usage
• Up to seven entries can be assigned to an ACL mask.
• Packets crossing a port are checked against all the rules in the ACL until
a match is found. The order in which these packets are checked is
determined by the mask, and not the order in which the ACL rules are
entered.
• First create the required ACLs and the ingress or egress masks before
mapping an ACL to an interface.
• A mask must be configured for an ACL rule before it can be bound to a
port or the queue or frame priorities associated with the rule set.
To Next Page
Loading...
