Filter
Top Products
A
CCESS
C
ONTROL
L
ISTS
3-73
CLI – This shows that the entries in the mask override the precedence in
which the rules are entered into the ACL. In the following example,
packets with the source address 10.1.1.1 are dropped because the “deny
10.1.1.1 255.255.255.255” rule has the higher precedence according the
“mask host any” entry.
Configuring a MAC ACL Mask
This mask defines the fields to check in the packet header.
Command Usage
You must configure a mask for an ACL rule before you can bind it to a
port.
Command Attributes
• Source/Destination MAC – Use “Any” to match any address,
“Host” to specify the host address for a single node, or “MAC” to
specify a range of addresses. (Options: Any, Host, MAC; Default: Any)
• Source/Destination MAC Bitmask – Address of rule must match
this bitmask.
• VID Bitmask – VLAN ID of rule must match this bitmask.
• Ethernet Type Bitmask – Ethernet type of rule must match this
bitmask.
• Packet Format Bitmask – A packet format must be specified in the
rule.
Console(config)#access-list ip standard A2 4-118
Console(config-std-acl)#permit 10.1.1.0 255.255.255.0 4-119
Console(config-std-acl)#deny 10.1.1.1 255.255.255.255
Console(config-std-acl)#exit
Console(config)#access-list ip mask-precedence in 4-124
Console(config-ip-mask-acl)#mask host any 4-125
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#