Mask (ip acl), Mask (ip acl) -132 – SMC Networks SMC TigerStack III SMC6824MPE User Manual

C

OMMAND

L

INE

I

NTERFACE

4-132

Command Mode

Global Configuration

Command Usage

• A mask can only be used by all ingress ACLs or all egress ACLs.
• The precedence of the ACL rules applied to a packet is not determined

by order of the rules, but instead by the order of the masks; i.e., the first
mask that matches a rule will determine the rule that is applied to a
packet.

• You must configure a mask for an ACL rule before you can bind it to a

port or set the queue or frame priorities associated with the rule.

Example

Related Commands

mask (IP ACL) (4-132)
ip access-group (4-137)

mask (IP ACL)

This command defines a mask for IP ACLs. This mask defines the fields to
check in the IP header. Use the no form to remove a mask.

Syntax

[no] mask [protocol]

{any | host | source-bitmask}
{any | host | destination-bitmask}
[precedence] [tos] [dscp]
[source-port [port-bitmask]] [destination-port [port-bitmask]]
[control-flag [flag-bitmask]]

• protocol – Check the protocol field.
• any – Any address will be matched.
• host – The address must be for a host device, not a subnetwork.
• source-bitmask – Source address of rule must match this bitmask.

Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#