Command Line Interface
6991553-KDU 137 365 Uen D 2006-06-16
first mask that matches a rule will determine the rule that is applied to a
packet.
• A mask must be configured for an ACL rule it is bound to a port or the
queue or frame priorities associated with the rule set.
Example
Related Commands
mask (IP ACL) (section 7.8.6 on page 699)
ip access-group (section 7.8.8 on page 705)
7.8.6 mask (IP ACL)
This command defines a mask for IP ACLs. This mask defines the fields to check
in the IP header. Use the no form to remove a mask.
Syntax
[no] mask [protocol]
{any | host | <source-bitmask>}
{any | host | <destination-bitmask>}
[precedence] [tos] [dscp]
[source-port [port-bitmask]]
[destination-port [port-bitmask]]
[control-flag [flag-bitmask]]
• protocol – Check the protocol field.
• any – Any address will be matched.
• host – The address must be for a host device, not a subnetwork.
• source-bitmask – Source address of rule must match this
bitmask.
• destination-bitmask – Destination address of rule must match
this bitmask.
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#
To Next Page
Loading...
