Configuring the ECN330-switch
1691553-KDU 137 365 Uen D 2006-06-16
Web – Configure the mask to match the required rules in the IP ingress or
egress ACLs. Set the mask to check for any source or destination address, a
specific host address, or an address range. Include other criteria to search for in
the rules, such as a protocol type or one of the service types. Or use a bitmask
to search for specific protocol port(s) or TCP control code(s). Then click Add.
Figure 60 Configuring an IP ACL Mask
CLI – This shows that the entries in the mask override the precedence in which
the rules are entered into the ACL. In the following example, packets with the
source address 10.1.1.1 are dropped because the “deny 10.1.1.1
255.255.255.255” rule has the higher precedence according the “mask host
any” entry.
Console(config)#access-list ip standard A2
Console(config-std-acl)#permit 10.1.1.0 255.255.255.0
Console(config-std-acl)#deny 10.1.1.1 255.255.255.255
Console(config-std-acl)#exit
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#
To Next Page
Loading...
