Access Control List Commands
mask (MAC ACL)
This command defines a mask for MAC ACLs. This mask defines the fields to check
in the packet header. Use the no form to remove a mask.
Syntax
[no] mask [pktformat]
{any | host | source-bitmask} {any | host | destination-bitmask}
[vid [vid-bitmask]] [ethertype [ethertype-bitmask]]
• pktformat – Check the packet format field. (If this keyword must be used in the mask, the packet format must be specified in the ACL rule to match.)
• any – Any address will be matched.
• host – The address must be for a single node.
• source-bitmask – Source address of rule must match this bitmask.
• destination-bitmask – Destination address of rule must match this bitmask.
• vid – Check the VLAN ID field.
• vid-bitmask – VLAN ID of rule must match this bitmask.
• ethertype – Check the Ethernet type field.
• ethertype-bitmask – Ethernet type of rule must match this bitmask.
Default Setting
None
Command Mode
MAC Mask
Command Usage
• Up to seven masks can be assigned to an ingress or egress ACL.
• Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
• First create the required ACLs and inbound or outbound masks before mapping an ACL to an interface.
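The following Python model is an added illustration, not code or output from the switch or its vendor. It shows why mask order, rather than rule entry order, decides which rule a packet hits. It assumes that a rule is checked under the mask whose bitmasks equal the rule's own, and that masks are walked in the order they were defined; all function names and MAC addresses are constructed for the example.

```python
# Simplified model (an assumption, not the switch's firmware logic): a rule is
# checked under the mask whose bitmasks equal the rule's own bitmasks, and
# masks are walked in the order they were defined.
MAX_MASKS = 7                      # "Up to seven masks" per ingress or egress ACL
HOST, ANY = 0xFFFFFFFFFFFF, 0x0    # 'host' checks all 48 bits, 'any' checks none

def mac(text):
    """Parse 'aa-bb-cc-dd-ee-ff' into a 48-bit integer."""
    return int(text.replace("-", "").replace(":", ""), 16)

def check_masks(masks):
    """Enforce the documented limit on masks per ACL direction."""
    if len(masks) > MAX_MASKS:
        raise ValueError("at most %d masks per ACL direction" % MAX_MASKS)
    return masks

def match_by_mask(masks, rules, src, dst):
    """Return the action of the first rule hit, walking masks in order."""
    for m_src, m_dst in check_masks(masks):
        for action, r_src, r_smask, r_dst, r_dmask in rules:
            if (r_smask, r_dmask) != (m_src, m_dst):
                continue           # rule belongs to a different mask
            if (src & m_src) == (r_src & m_src) and (dst & m_dst) == (r_dst & m_dst):
                return action
    return None                    # no mask/rule pair matched

def match_by_entry_order(rules, src, dst):
    """Contrast: plain first-match in the order the rules were typed."""
    for action, r_src, r_smask, r_dst, r_dmask in rules:
        if (src & r_smask) == (r_src & r_smask) and (dst & r_dmask) == (r_dst & r_dmask):
            return action
    return None

# Constructed sample data: the broad permit is entered BEFORE the host deny.
BLOCKED = mac("00-11-22-33-44-55")
OTHER = mac("00-aa-bb-cc-dd-ee")
DST = mac("00-de-ad-be-ef-01")
RULES = [
    ("permit", 0, ANY, 0, ANY),        # permit any any
    ("deny", BLOCKED, HOST, 0, ANY),   # deny host BLOCKED any
]
MASKS = [(HOST, ANY), (ANY, ANY)]      # host mask defined first, so checked first

if __name__ == "__main__":
    print("mask order  :", match_by_mask(MASKS, RULES, BLOCKED, DST))
    print("entry order :", match_by_entry_order(RULES, BLOCKED, DST))
    print("other host  :", match_by_mask(MASKS, RULES, OTHER, DST))
```

When auditing an ACL on a device that behaves this way, review the mask list alongside the rules: a deny rule is only effective if its mask is checked before the mask of any broader permit.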