User's Manual
A
CCESS
 C
ONTROL
 L
ISTS
3-85
10.1.1.1 255.255.255.255” rule has the higher precedence according the 
“mask host any” entry.
Configuring a MAC ACL Mask
This mask defines the fields to check in the packet header. 
Command Usage
You must configure a mask for an ACL rule before you can bind it to a 
port.
Command Attributes
• Source/Destination MAC – Use “Any” to match any address, 
“Host” to specify the host address for a single node, or “MAC” to 
specify a range of addresses. (Options: Any, Host, MAC; Default: Any)
• Source/Destination MAC Bitmask – Address of rule must match 
this bitmask.
• VID Bitmask – VLAN ID of rule must match this bitmask.
• Ethernet Type Bitmask – Ethernet type of rule must match this 
bitmask.
• Packet Format Bitmask – A packet format must be specified in the 
rule.
Web – Configure the mask to match the required rules in the MAC ingress 
or egress ACLs. Set the mask to check for any source or destination 
address, a host address, or an address range. Use a bitmask to search for 
Console(config)#access-list ip standard A23-116
Console(config-std-acl)#permit 10.1.1.0 255.255.255.03-117
Console(config-std-acl)#deny 10.1.1.1 255.255.255.255
Console(config-std-acl)#exit
Console(config)#access-list ip mask-precedence in3-121
Console(config-ip-mask-acl)#mask host any3-122
Console(config-ip-mask-acl)#mask 255.255.255.0 any
Console(config-ip-mask-acl)#










