COMMAND LINE INTERFACE

Command Usage

You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.

A mask can only be used by all ingress ACLs or all egress ACLs.

The precedence of the ACL rules applied to a packet is not determined by order of the rules, but instead by the order of the masks; i.e., the first mask that matches a rule will determine the rule that is applied to a packet.

Example

Console(config)#access-list mac mask-precedence in

Console(config-mac-mask-acl)#

Related Commands

mask (MAC ACL) (4-140) mac access-group(4-144)

mask (MAC ACL)

This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask.

Syntax

[no] mask [pktformat] {any host source-bitmask} {any host destination-bitmask}[vid [vid-bitmask]] [ethertype [ethertype-bitmask]]

pktformat – Check the packet format field. (If this keyword must be used in the mask, the packet format must be specified in ACL rule to match.)

any – Any address will be matched.

host – The address must be for a single node.

source-bitmask– The source address of the rule must match this bitmask.

destination-bitmask– The destination address of the rule must match this bitmask.

vid – Check the VLAN ID field.

4-140

Page 384
Image 384
SMC Networks SMC8624/48T manual Mask MAC ACL 4-140 mac access-group4-144