Accton Technology ES3628C Switch User Manual


 
Command Line Interface
4-94
4
destination-bitmask – Destination address of rule must match this bitmask.
precedence – Check the IP precedence field.
tos – Check the TOS field.
dscp – Check the DSCP field.
source-port – Check the protocol source port field.
destination-port – Check the protocol destination port field.
port-bitmask – Protocol port of rule must match this bitmask.
(Range: 0-65535)
control-flag – Check the field for control flags.
flag-bitmask – Control flags of rule must match this bitmask. (Range: 0-63)
Default Setting
None
Command Mode
IP Mask
Command Usage
Packets crossing a port are checked against all the rules in the ACL until a
match is found. The order in which these packets are checked is determined
by the mask, and not the order in which the ACL rules were entered.
First create the required ACLs and ingress or egress masks before mapping
an ACL to an interface.
If you enter dscp, you cannot enter tos or precedence. You can enter both
tos and precedence without dscp.
Masks that include an entry for a Layer 4 protocol source port or destination
port can only be applied to packets with a header length of exactly five bytes.
Example
This example creates an IP ingress mask with two rules. Each rule is checked in
order of precedence to look for a match in the ACL entries. The first entry matching
a mask is applied to the inbound packet.
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#