C
ONFIGURING
THE
S
WITCH
3-70
Web – Click Security, ACL, Mask Configuration. Click Edit for one of the
basic mask types to open the configuration page.
Figure 3-31 Selecting ACL Mask Types
CLI – This example creates an IP ingress mask, and then adds two rules.
Each rule is checked in order of precedence to look for a match in the
ACL entries. The first entry matching a mask is applied to the inbound
packet.
Configuring an IP ACL Mask
This mask defines the fields to check in the IP header.
Command Usage
Masks that include an entry for a Layer 4 protocol source port or
destination port can only be applied to packets with a header length of
exactly five bytes.
Console(config)#access-list ip mask-precedence in 4-124
Console(config-ip-mask-acl)#mask host any 4-125
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#