Switch Management Guide
MAC ACL
S
24-21
Command Usage
• You must configure a mask for an ACL rule before you can bind it to 
a port or set the queue or frame priorities associated with the rule.
• A mask can only be used by all ingress ACLs or all egress ACLs.
• The precedence of the ACL rules applied to a packet is not determined 
by order of the rules, but instead by the order of the masks; i.e., the 
first mask that matches a rule will determine the rule that is applied to 
a packet.
Example 
Related Commands
mask (MAC ACL) (24-21)
mac access-group (24-25)
mask (MAC ACL)
This command defines a mask for MAC ACLs. This mask defines the 
fields to check in the packet header. Use the no form to remove a mask.
Syntax
[
no
] 
mask 
[
pktformat
] 
{
any
 | 
host
 | 
source-bitmask
} {
any
 | 
host
 | 
destination-bitmask
} 
[
vid
 [
vid-bitmask
]] [
ethertype
 [
ethertype-bitmask
]]
• pktformat – Check the packet format field. (If this keyword must 
be used in the mask, the packet format must be specified in ACL rule 
to match.)
• any – Any address will be matched. 
• host – The address must be for a single node.
• source-bitmask – Source address of rule must match this bitmask.
• destination-bitmask – Destination address of rule must match this 
bitmask.
• vid – Check the VLAN ID field.
• vid-bitmask – VLAN ID of rule must match this bitmask.
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#










