User's Manual
A
CCESS
C
ONTROL
L
IST
C
OMMANDS
4-130
mask (IP ACL)
This command defines a mask for IP ACLs. This mask defines the fields to
check in the IP header. Use the no form to remove a mask.
Syntax
[no] mask [protocol]
{any | host | source-bitmask}
{any | host | destination-bitmask}
[precedence] [tos] [dscp]
[source-port [port-bitmask]] [destination-port [port-bitmask]]
[control-flag [flag-bitmask]]
• protocol – Check the protocol field.
• any – Any address will be matched.
• host – The address must be for a host device, not a subnetwork.
• source-bitmask – Source address of rule must match this bitmask.
• destination-bitmask – Destination address of rule must match this
bitmask.
• precedence – Check the IP precedence field.
• tos – Check the TOS field.
• dscp – Check the DSCP field.
• source-port – Check the protocol source port field.
• destination-port – Check the protocol destination port field.
• port-bitmask – Protocol port of rule must match this bitmask.
(Range: 0-65535)
• control-flag – Check the field for control flags.
• flag-bitmask – Control flags of rule must match this bitmask.
(Range: 0-63)
Default Setting
None
Command Mode
IP Mask
Command Usage
• Packets crossing a port are checked against all the rules in the ACL until
a match is found. The order in which these packets are checked is