Configuring an ip acl mask – Edge Products ES3528-WDM User Manual
Page 138
Access Control Lists
8-10
8
CLI – This example creates an IP ingress mask, and then adds two rules. Each rule
is checked in order of precedence to look for a match in the ACL entries. The first
entry matching a mask is applied to the inbound packet.
Configuring an IP ACL Mask
This mask defines the fields to check in the IP header.
Command Usage
• Masks that include an entry for a Layer 4 protocol source port or destination port
can only be applied to packets with a header length of exactly five bytes.
Command Attributes
• Source/Destination Address Type – Specifies the source or destination IP
address. Use “Any” to match any address, “Host” to specify a host address (not a
subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP;
Default: Any)
• Source/Destination Subnet Mask – Source or destination address of rule must
match this bitmask. (See the description for SubMask on page 3.)
• Protocol Mask – Check the protocol field.
• Service Type Mask – Check the rule for the specified priority type.
(Options: Precedence, TOS, DSCP; Default: TOS)
• Source/Destination Port Bit Mask – Protocol port of rule must match this
bitmask. (Range: 0-65535)
• Control Code Bit Mask – Control flags of rule must match this bitmask.
(Range: 0-63)
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#