
SMC Networks SMC TigerStack III SMC6824MPE User Manual

Page 396


COMMAND LINE INTERFACE

4-134

Example

This example creates an IP ingress mask with two rules. Each rule is checked
in order of precedence to look for a match in the ACL entries. The first entry
matching a mask is applied to the inbound packet.

Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#

This shows that the entries in the mask override the order in which the
rules are entered into the ACL. In the following example, packets with the
source address 10.1.1.1 are dropped because the “deny 10.1.1.1
255.255.255.255” rule has the higher precedence according to the “mask host
any” entry.

Console(config)#access-list ip standard A2
Console(config-std-acl)#permit 10.1.1.0 255.255.255.0
Console(config-std-acl)#deny 10.1.1.1 255.255.255.255
Console(config-std-acl)#exit
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#
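
A small Python model of the evaluation described above, added here as an illustration and not taken from the manual or the switch firmware. It assumes source-address matching only, treats "host" as 255.255.255.255, and returns None when no rule matches (this page does not state the default action); all function names are hypothetical.

```python
import ipaddress

# Mask table from the page, in precedence order ("mask host any" = 255.255.255.255).
MASKS = ["255.255.255.255", "255.255.255.0"]
# ACL A2 from the page, in the order the rules were entered.
ACL_A2 = [
    ("permit", "10.1.1.0", "255.255.255.0"),
    ("deny", "10.1.1.1", "255.255.255.255"),
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _matches(src, rule_addr, bitmask):
    """True when src and rule_addr agree on every bit set in bitmask."""
    m = _to_int(bitmask)
    return _to_int(src) & m == _to_int(rule_addr) & m

def entry_order(src, acl):
    """What a reader might expect: first rule, in entry order, that matches."""
    for action, addr, bitmask in acl:
        if _matches(src, addr, bitmask):
            return action
    return None  # assumption: default action is not modelled

def mask_precedence(src, acl, masks):
    """Modelled behaviour: walk the masks in precedence order and apply
    the first ACL rule carrying that mask which matches the packet."""
    for mask in masks:
        for action, addr, bitmask in acl:
            if bitmask == mask and _matches(src, addr, bitmask):
                return action
    return None  # assumption: default action is not modelled

def divergent(sources, acl, masks):
    """Audit helper: sources whose verdict differs between the two orders."""
    out = []
    for src in sources:
        a, b = entry_order(src, acl), mask_precedence(src, acl, masks)
        if a != b:
            out.append((src, a, b))
    return out

if __name__ == "__main__":
    # Constructed sample sources for the comparison.
    for row in divergent(["10.1.1.1", "10.1.1.2", "10.2.0.1"], ACL_A2, MASKS):
        print("entry order says %s, mask precedence says %s for %s" % (row[1], row[2], row[0]))
```

Running the comparison over the addresses that matter before committing an ACL shows where the mask table, rather than the rule order, decides the outcome.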