A
CCESS
C
ONTROL
L
ISTS
3-113
CLI
– This rule permits packets from any source MAC address to the
destination address 00-e0-29-94-34-de where the Ethernet type is 0800.
Configuring ACL Masks
You must specify masks that control the order in which ACL rules are
checked. The switch includes two system default masks that pass/filter
packets matching the permit/deny rules specified in an ingress ACL. You
can also configure up to seven user-defined masks for an ingress or egress
ACL. A mask must be bound exclusively to one of the basic ACL types
(i.e., Ingress IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC
ACL), but a mask can be bound to up to four ACLs of the same type.
Command Usage
•
Up to seven entries can be assigned to an ACL mask.
•
Packets crossing a port are checked against all the rules in the ACL
until a match is found. The order in which these packets are checked is
determined by the mask, and not the order in which the ACL rules are
entered.
•
First create the required ACLs and the ingress or egress masks before
mapping an ACL to an interface.
•
You must configure a mask for an ACL rule before you can bind it to
a port or set the queue or frame priorities associated with the rule.
Specifying the Mask Type
Use the ACL Mask Configuration page to edit the mask for the Ingress IP
ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL.
Console(config-mac-acl)#permit any host 00-e0-29-94-34-de
ethertype 0800
4-123
Console(config-mac-acl)#
Summary of Contents for 8708L2
Page 2: ......
Page 24: ...TABLES xxiv ...
Page 28: ...FIGURES xxviii ...
Page 290: ...CONFIGURING THE SWITCH 3 238 ...
Page 584: ...COMMAND LINE INTERFACE 4 294 ...
Page 592: ...TROUBLESHOOTING B 4 ...
Page 605: ......