IPv4 Access Control Lists (ACLs)
Configuring Standard ACLs
< any | host < SA > | SA < mask > | SA/mask-length >
Defines the source IPv4 address (SA) a packet must carry for 
a match with the ACE. 
• any — Allows IPv4 packets from any SA.
• host < SA > — Specifies only packets having < SA > as the 
source. Use this criterion when you want to match only the 
IPv4 packets from a single SA. 
• SA < mask > or SA/mask-length — Specifies packets received 
from an SA, where the SA is either a subnet or a group of 
IPv4 addresses. The mask format can be in either 
dotted-decimal format or CIDR format (number of significant 
bits). (Refer to “Using CIDR Notation To Enter the IPv4 ACL 
Mask” on page 10-49.)
SA Mask Application: The mask is applied to the SA in the 
ACE to define which bits in a packet’s SA must exactly match 
the SA configured in the ACL and which bits need not match.
Example: 10.10.10.1/24 and 10.10.10.1 0.0.0.255 both define 
any address in the range of 10.10.10.(1 - 255).    
Note: Specifying a group of contiguous addresses may 
require more than one ACE. For more on how masks operate 
in ACLs, refer to “How an ACE Uses a Mask To Screen Packets 
for Matches” on page 10-35.
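
The mask application and the note about contiguous groups, worked through as an added example (not part of the original manual). The range 10.10.10.5 to 10.10.10.20 is a constructed sample and the function names are illustrative.

```python
import ipaddress

def wildcard_from_prefix(prefix_len):
    """ACL mask in dotted-decimal for a CIDR mask length (1 bits need not match)."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").hostmask)

def ace_matches(packet_sa, ace_sa, mask):
    """True if packet_sa equals ace_sa on every bit where the ACL mask is 0."""
    pkt = int(ipaddress.IPv4Address(packet_sa))
    sa = int(ipaddress.IPv4Address(ace_sa))
    must_match = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return ((pkt ^ sa) & must_match) == 0

def aces_for_range(first, last):
    """Fewest SA/mask-length entries (with the equivalent 'SA mask' form)
    that cover first..last and nothing outside it."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n), f"{n.network_address} {n.hostmask}") for n in nets]

def covered(packet_sa, aces):
    """True if any entry returned by aces_for_range() matches packet_sa."""
    return any(ace_matches(packet_sa, *sa_mask.split()) for _, sa_mask in aces)

if __name__ == "__main__":
    # The page's two notations, /24 and 0.0.0.255, screen the same bits.
    print(wildcard_from_prefix(24))
    print(ace_matches("10.10.10.77", "10.10.10.1", "0.0.0.255"))
    print(ace_matches("10.10.11.77", "10.10.10.1", "0.0.0.255"))
    # Constructed range that does not fall on a single mask boundary,
    # so it needs one ACE per aligned block.
    for cidr, sa_mask in aces_for_range("10.10.10.5", "10.10.10.20"):
        print(f"{cidr:<16} {sa_mask}")
```

Checking the neighbours of the range with `covered()` before applying the entries confirms that the ACEs admit no address outside the intended group.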