Table of Contents
Advertisement
Web – Configure the mask to match the required rules in the IP ingress or egress
ACLs. Set the mask to check for any source or destination address, a specific host
address, or an address range. Include other criteria to search for in the rules, such
as a protocol type or one of the service types. Or use a bitmask to search for specific
protocol port(s) or TCP control code(s). Then click Add.
CLI – This shows that the entries in the mask override the precedence in which the
rules are entered into the ACL. In the following example, packets with the source
address 10.1.1.1 are dropped because the "deny 10.1.1.1 255.255.255.255" rule
has the higher precedence according the "mask host any" entry.
Console(config)#access-list ip standard A2
Console(config-std-acl)#permit 10.1.1.0 255.255.255.0
Console(config-std-acl)#deny 10.1.1.1 255.255.255.255
Console(config-std-acl)#exit
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#
Figure 3-50 ACL Mask Configuration - IP
Access Control Lists
4-89
4-90
4-93
4-94
3
3-85
- Quick Links:
- Configuration Options
Hide quick links:
Advertisement
Table of Contents
