Configuring an ip acl mask – Edge Products ES3528-WDM User Manual

Access Control Lists

8-10

8

CLI – This example creates an IP ingress mask, and then adds two rules. Each rule
is checked in order of precedence to look for a match in the ACL entries. The first
entry matching a mask is applied to the inbound packet.

Configuring an IP ACL Mask

This mask defines the fields to check in the IP header.

Command Usage

• Masks that include an entry for a Layer 4 protocol source port or destination port

can only be applied to packets with a header length of exactly five bytes.

Command Attributes
• Source/Destination Address Type – Specifies the source or destination IP

address. Use “Any” to match any address, “Host” to specify a host address (not a
subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP;
Default: Any)

• Source/Destination Subnet Mask – Source or destination address of rule must

match this bitmask. (See the description for SubMask on page 3.)

• Protocol Mask – Check the protocol field.
• Service Type Mask – Check the rule for the specified priority type.

(Options: Precedence, TOS, DSCP; Default: TOS)

• Source/Destination Port Bit Mask – Protocol port of rule must match this

bitmask. (Range: 0-65535)

• Control Code Bit Mask – Control flags of rule must match this bitmask.

(Range: 0-63)

Console(config)#access-list ip mask-precedence in

23-6

Console(config-ip-mask-acl)#mask host any

23-6

Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#