Filter
Top Products
A
CCESS
C
ONTROL
L
IST
C
OMMANDS
4-117
Masks for Access Control Lists
You can specify optional masks that control the order in which ACL rules
are checked. The switch includes two system default masks that pass/filter
packets matching the permit/deny rules specified in an ingress ACL. You
can also configure up to seven user-defined masks for an ACL. A mask
must be bound exclusively to one of the basic ACL types (i.e., Ingress IP
ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a
mask can be bound to up to four ACLs of the same type.
IP ACLs
Table 4-32 Access Control List Commands
Command Groups Function Page
IP ACLs Configure ACLs based on IP addresses, TCP/
UDP port number, protocol type, and TCP control
code
4-117
MAC ACLs Configure ACLs based on hardware addresses,
packet format, and Ethernet type
4-135
ACL Information Display ACLs and associated rules; shows ACLs
assigned to each port
4-148
Table 4-33 IP ACL Commands
Command Function Mode Page
access-list ip Creates an IP ACL and enters
configuration mode for standard or
extended IP ACLs
GC 4-118
permit, deny Filters packets matching a specified
source or destination IP address
STD-ACL 4-119
permit, deny Filters packets meeting the specified
criteria, including source and
destination IP address, TCP/UDP port
number, protocol type, and TCP
control code
EXT-ACL 4-121
show ip access-list Displays the rules for configured IP
ACLs
PE 4-123