Command Line Interface
726 1553-KDU 137 365 Uen D 2006-06-16
7.8.22 access-list mask-precedence vlan
This command changes to the mode for configuring VLAN access control
masks. Use the no form to delete the mask table.
Syntax
[no] access-list {ip | mac} mask-precedence vlan
• ip – Defines IP address mask precedence.
• mac – Define MAC address mask precedence.
Default Setting
None
Command Mode
Global Configuration
Command Usage
• First create the required mask before binding ACL rules to an interface
with the vlan filter command. Otherwise, any attempt to bind the
VLAN access map to an interface will fail.
• If conflicting rules are created, the ECN330-switch will use the mask
priority to determine which rule to apply.
• When an ACL port binding is removed, the ECN330-switch removes the
mask settings from ASIC but keeps this information in RAM. When
creating a VLAN mask, the ECN330-switch first checks whether there
are enough available masks based on the current mask information
stored in RAM. If there are not enough available masks, the ECN330-
switch responds with an error such as "There are 4 user masks
available, 3 used for port ACL, 1 used for VLAN ACL, no mask available
now." If this kind of message appears, remove a port ACL mask by using
the "no access-list ip/mac mask-precedence" command.
Enough masks should then be made available to create a VLAN ACL.
To Next Page
Loading...
