Filter
Top Products
Configuring ACLs
79
NXA-ENET24 - Software Management Guide
Configuring ACL Masks - Web
Click Security, ACL, ACL Mask Configuration. Click Edit for one of the basic mask types to open the
configuration page.
Configuring ACL Masks - CLI
This example creates an IP ingress mask, and then adds two rules. Each rule is checked in order of precedence
to look for a match in the ACL entries. The first entry matching a mask is applied to the inbound packet.
Configuring an IP ACL Mask
This mask defines the fields to check in the IP header.
Command Usage
Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to
packets with a header length of exactly five bytes.
Command Attributes
FIG. 79 Web - ACL Mask Configuration
Console(config)#access-list ip mask-precedence in 269
Console(config-ip-mask-acl)#mask host any 269
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#
Command Attributes
• Source/Destination
Address Type:
Use “Any” to include all possible addresses, “Host” to indicate a specific MAC
address, or “MAC” to specify an address range with the Address and Bitmask fields.
• Options: Any, Host, MAC
• Default: Any
• Source/Destination
Subnet Mask:
Subnet mask for source or destination address.
See the description for SubMask on page 74.
• Protocol Bitmask: Check the protocol field.
• Service Type Mask: Check the rule for the specified priority type.
• Options: Precedence, TOS, DSCP
• Default: TOS
• Source/Destination
Port Bitmask:
Protocol port of rule must match this bitmask.
• Range: 0-65535
• Control Code
Bitmask:
Control flags of rule must match this bitmask.
• Range: 0-63