DELL N3000 Manual Do Utilizador
Configuring Access Control Lists
593
Using IP and MAC Address Masks
Masks are used with IP and MAC addresses to specify what should be
considered in the address for a match. Masks are expanded internally into a
bit mask and are applied bit-wise in the hardware even though they are
entered in decimal or hexadecimal format. Masks need not have contiguous 0
or 1 bits. A 0 bit value in the mask indicates that the address field in the
packet being compared must match the address bit exactly. A 1 value in the
mask indicates a wildcard or don't care value, i.e. the access bits are not
compared and match any possible value. For example, an IP address of 3.3.3.3
with a mask of 0.0.0.0 indicates that the ACL matches on all four bytes of the
IP address. Likewise, a MAC address of 68:94:23:AD:F3:18 with a mask of
00:00:00:00:00:ff indicates that the first five bytes must match (e.g.,
68:94:23:AD:F3) and the last byte may take on any value from 0x00 to 0xff
(0–255) and still be considered a match.
The following ACL equivalents are noted:
The following ACL equivalents are noted:
0x08
EGP
0x09
IGP
0x11
UDP
Address
Mask
Equivalent Address
0.0.0.0
255.255.255.255
any
x.x.x.x
host
x.x.x.x
0:0:0:0:0:0
ff:ff:ff:ff:ff:ff
any
Table 20-3. Common IP Protocol Numbers (Continued)
IP Protocol Number
Protocol