AMX NXA-ENET24 Switch User Manual


 
CLI (Command Line Interface)
NXA-ENET24 - Software Management Guide
IP ACL Commands (Cont.)
Command Function
show ip access-list
This command displays the rules for configured IP ACLs.
Syntax:
show ip access-list {standard | extended} [acl_name]
standard – Specifies a standard IP ACL.
extended – Specifies an extended IP ACL.
acl_name – Name of the ACL. (Maximum length: 16 characters)
Command Mode: Privileged Exec
Example:
Console#show ip access-list standard
IP standard access-list david:
permit host 10.1.1.21
permit 168.92.0.0 255.255.255.0
Console#
access-list ip mask-precedence
This command changes to the IP Mask mode used to configure access control masks.
Use the no form to delete the mask table.
Syntax:
[no] access-list ip mask-precedence {in | out}
in – Ingress mask for ingress ACLs.
out – Egress mask for egress ACLs.
Default Setting: Default system mask: Filter inbound packets according to specified IP ACLs.
Command Mode: Global Configuration
Command Usage: A mask can only be used by all ingress ACLs or all egress ACLs.
The precedence of the ACL rules applied to a packet is not determined by the order of the rules, but instead by the order of the masks; i.e., the first mask that matches a rule will determine the rule that is applied to a packet.
You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.
Example:
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#
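The mask-ordering behaviour described under Command Usage above, as an added Python model (not taken from the AMX manual or the switch firmware). It assumes a rule is reached only through a mask equal to its own bitmasks and that the first mask yielding a matching rule decides; the addresses, rule set and function names are constructed for illustration.

```python
from ipaddress import IPv4Address

def ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(IPv4Address(text))

ANY, HOST, SUBNET24 = ip("0.0.0.0"), ip("255.255.255.255"), ip("255.255.255.0")

def rule(action, src, src_mask, dst="0.0.0.0", dst_mask=ANY):
    """Constructed rule record; the field names are illustrative."""
    return {"action": action, "src": ip(src), "src_mask": src_mask,
            "dst": ip(dst), "dst_mask": dst_mask}

def hits(r, src, dst):
    """True when the packet addresses match the rule under the rule's bitmasks."""
    return (src & r["src_mask"] == r["src"] & r["src_mask"]
            and dst & r["dst_mask"] == r["dst"] & r["dst_mask"])

def by_rule_order(src, dst, rules):
    """Conventional top-down evaluation, shown only for comparison."""
    return next((r["action"] for r in rules if hits(r, ip(src), ip(dst))), "no match")

def by_mask_order(src, dst, rules, masks):
    """Assumed model: walk masks in order; the first mask that yields a
    matching rule decides, regardless of where that rule sits in the ACL."""
    for src_mask, dst_mask in masks:
        for r in rules:
            covered = (r["src_mask"], r["dst_mask"]) == (src_mask, dst_mask)
            if covered and hits(r, ip(src), ip(dst)):
                return r["action"]
    return "no match"  # no mask/rule pair matched this packet

# Constructed ACL: the broad permit is listed before the host deny.
RULES = [rule("permit", "10.1.1.0", SUBNET24), rule("deny", "10.1.1.21", HOST)]
HOST_FIRST = [(HOST, ANY), (SUBNET24, ANY)]
SUBNET_FIRST = [(SUBNET24, ANY), (HOST, ANY)]

if __name__ == "__main__":
    for label, masks in (("host mask first", HOST_FIRST), ("subnet mask first", SUBNET_FIRST)):
        print(label, "->", by_mask_order("10.1.1.21", "192.0.2.1", RULES, masks))
    print("rule order ->", by_rule_order("10.1.1.21", "192.0.2.1", RULES))
```

With the host mask first, the deny for 10.1.1.21 is applied although it is listed after the broad permit; when auditing these ACLs, review the mask order as well as the rule order.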
mask (IP ACL)
This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header.
Use the no form to remove a mask.
Syntax:
[no] mask [protocol]
{any | host | source-bitmask}
{any | host | destination-bitmask}
[precedence] [tos] [dscp]
[source-port [port-bitmask]] [destination-port [port-bitmask]]
[control-flag [flag-bitmask]]
protocol – Check the protocol field.
any – Any address will be matched.
host – The address must be for a host device, not a subnetwork.
source-bitmask – Source address of rule must match this bitmask.
destination-bitmask – Destination address of rule must match this bitmask.
precedence – Check the IP precedence field.
tos – Check the TOS field.
dscp – Check the DSCP field.
source-port – Check the protocol source port field.
destination-port – Check the protocol destination port field.
port-bitmask – Protocol port of rule must match this bitmask. (Range: 0-65535)
control-flag – Check the field for control flags.
flag-bitmask – Control flags of rule must match this bitmask. (Range: 0-63)
Default Setting: None
Command Mode: IP Mask