Command Line Interface
7291553-KDU 137 365 Uen D 2006-06-16
Example
The following example creates a mask that checks the protocol field in the IP
header, ignores the source and destination IP addresses, then checks the
destination port.
The following example creates a mask that checks the protocol field in the IP
header, ignores the source and destination IP addresses, then checks the
destination port, and both the syn and ack bits in the control flag.
Related Commands
vlan access-map (section 7.8.18 on page 720)
access-list mask-precedence vlan (section 7.8.22 on page 726)
7.8.24 mask (MAC Mask)
This command sets a precedence mask for packet filtering used in MAC ACL
rules. This mask defines the fields to check in the packet header. Use the no
form to remove a mask.
Syntax
[no] mask [pktformat]
{any | host | <source-bitmask>}
{any | host | <destination-bitmask>}
[ethertype [ethertype-bitmask]]
• pktformat – Check the packet format field. (If this keyword must
be used in the mask, the packet format must be specified in ACL
rule to match.)
• any – Any address will be matched.
Console(config-ip-mask-acl)#mask protocol any any destination-port 80
Console(config-ip-mask-acl)#
Console(config-ip-mask-acl)#mask protocol any any destination-port 80
control-flag 18
Console(config-ip-mask-acl)#
To Next Page
Loading...
