User's Manual

COMMAND LINE INTERFACE
4-116
Masks for Access Control Lists
You must specify optional masks that control the order in which ACL
rules are checked. The switch includes two system default masks that
pass/filter packets matching the permit/deny rules specified in an ingress ACL.
You can also configure up to seven user-defined masks for an ACL. A
mask must be bound exclusively to one of the basic ACL types (i.e., Ingress
IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a
mask can be bound to up to four ACLs of the same type.
IP ACLs
Table 4-33 Access Control List Commands

Command Groups | Function | Page
IP ACLs | Configure ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code | 4-116
MAC ACLs | Configure ACLs based on hardware addresses, packet format, and Ethernet type | 4-133
ACL Information | Display ACLs and associated rules; shows ACLs assigned to each port | 4-144

Table 4-34 IP ACL Commands

Command | Function | Mode | Page
access-list ip | Creates an IP ACL and enters configuration mode for standard or extended IP ACLs | GC | 4-117
permit, deny | Filters packets matching a specified source IP address | STD-ACL | 4-118
permit, deny | Filters packets meeting the specified criteria, including source and destination IP address, TCP/UDP port number, protocol type, and TCP control code | EXT-ACL | 4-120
show ip access-list | Displays the rules for configured IP ACLs | PE | 4-122