ACCESS CONTROL LISTS
Configuring ACL Masks
You must specify masks that control the order in which ACL rules are
checked. The switch includes two system default masks that pass/filter
packets matching the permit/deny rules specified in an ingress ACL. You
can also configure up to seven user-defined masks for an ingress or egress
ACL. A mask must be bound exclusively to one of the basic ACL types
(i.e., Ingress IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC
ACL), but a mask can be bound to up to four ACLs of the same type.
Command Usage
• Up to seven entries can be assigned to an ACL mask.
• Packets crossing a port are checked against all the rules in the ACL until
a match is found. The order in which these packets are checked is
determined by the mask, and not the order in which the ACL rules are
entered.
• Create the required ACLs and the ingress or egress masks before
mapping an ACL to an interface.
• You must configure a mask for an ACL rule before you can bind it to a
port or set the queue or frame priorities associated with the rule.