AMX NXA-ENET24 Switch User Manual


 
Configuring ACLs
NXA-ENET24 - Software Management Guide
Configuring an IP ACL Mask - Web
Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any
source or destination address, a specific host address, or an address range.
Include other criteria to search for in the rules, such as a protocol type or one of the service types.
Or use a bitmask to search for specific protocol port(s) or TCP control code(s). Then click Add.
Configuring an IP ACL Mask - CLI
The following example shows that the entries in the mask override the order of precedence in which the rules are entered into the ACL. In
this example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.1.1
255.255.255.255” rule has the higher precedence according to the “mask host any” entry.
Configuring a MAC ACL Mask
This mask defines the fields to check in the packet header.
Command Usage
You must configure a mask for an ACL rule before you can bind it to a port.
FIG. 80 Web - Configuring an IP based ACL
Console(config)#access-list ip standard A2
Console(config-std-acl)#permit 10.1.1.0 255.255.255.0
Console(config-std-acl)#deny 10.1.1.1 255.255.255.255
Console(config-std-acl)#exit
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#
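A simplified model of the evaluation order in the CLI example above, added here as an illustration (not AMX code and not taken from the manual). It assumes that "host" is equivalent to a 255.255.255.255 bitmask and that a rule is only checked under the mask entry equal to its own bitmask; all function names are hypothetical.

```python
import ipaddress

# Rules from the CLI example, in the order they were entered: (action, address, bitmask)
RULES = [
    ("permit", "10.1.1.0", "255.255.255.0"),
    ("deny", "10.1.1.1", "255.255.255.255"),
]
# Ingress mask entries in precedence order; "host" is modeled as 255.255.255.255 (assumption).
MASKS = ["255.255.255.255", "255.255.255.0"]


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def rule_matches(rule, src):
    _, addr, bitmask = rule
    return _ip(src) & _ip(bitmask) == _ip(addr) & _ip(bitmask)


def entry_order(src, rules=RULES):
    """First match in the order the rules were typed (what a reader might expect)."""
    for rule in rules:
        if rule_matches(rule, src):
            return rule[0]
    return None  # no rule matched; default handling is outside this model


def mask_precedence_order(src, rules=RULES, masks=MASKS):
    """Walk the mask entries in order; at each step only rules whose bitmask
    equals the current mask entry are considered (modeling assumption)."""
    for mask in masks:
        for rule in rules:
            if rule[2] == mask and rule_matches(rule, src):
                return rule[0]
    return None


def uncovered_rules(rules=RULES, masks=MASKS):
    """Audit helper: rules whose bitmask has no mask entry, so this model never checks them."""
    return [r for r in rules if r[2] not in masks]


if __name__ == "__main__":
    for src in ("10.1.1.1", "10.1.1.7", "10.2.0.1"):
        print(src, "entry order:", entry_order(src), "mask order:", mask_precedence_order(src))
```

Reviewing an ACL this way before binding it to a port shows whether a narrow deny is shadowed by a broader permit, and whether any rule lacks a matching mask entry.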
Command Attributes
Source/Destination Address Type: Use “Any” to match any address, “Host” to specify the host address for a single
node, or “MAC” to specify a range of addresses.
Options: Any, Host, MAC
Default: Any
Source/Destination Bitmask: Address of rule must match this bitmask.
VID Bitmask: VLAN ID of rule must match this bitmask.
Ethernet Type Bitmask: Ethernet type of rule must match this bitmask.
Packet Format Mask: A packet format must be specified in the rule.