C
ONFIGURING THE
Web – Click Security, ACL, Mask Configuration. Click Edit for one of the
basic mask types to open the configuration page.
CLI – This example creates an IP ingress mask, and then adds two rules.
Each rule is checked in order of precedence to look for a match in the
ACL entries. The first entry matching a mask is applied to the inbound
packet.
Console(config)#access-list ip mask-precedence in
Console(config-ip-mask-acl)#mask host any
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#
Configuring an IP ACL Mask
This mask defines the fields to check in the IP header.
Command Usage
•
Masks that include an entry for a Layer 4 protocol source port or
destination port can only be applied to packets with a header length of
exactly five bytes.
Command Attributes
•
Source/Destination Address Type – Specifies the source or
destination IP address. Use "Any" to match any address, "Host" to
3-114
S
WITCH
Figure 3-47 Selecting ACL Mask Types
4-126
4-128