3com WX2200 3CRWX220095A User Manual

Chapter 19: Configuring and Managing Security ACLs
Clearing Security ACLs

The clear security acl command removes an ACL from the edit buffer only; the committed copy stays in the running configuration and continues to be enforced. To clear a security ACL, enter a specific ACL name, or enter all to delete all security ACLs from the edit buffer. To remove the ACL from the running configuration and nonvolatile storage as well, you must follow the clear with the commit security acl command.
For example, the following command deletes acl-99 from the edit buffer:
WX1200# clear security acl acl-99
To clear acl-99 from the configuration, type the following command:
WX1200# commit security acl acl-99
success: change accepted
Mapping Security ACLs

An ACL does not take effect until you commit it and map it to a user or to an interface.

User-based security ACLs are mapped to an IEEE 802.1X authenticated session during the AAA process: you can specify that one of the authorization attributes returned during authentication is the name of a security ACL, and the WX switch then maps that named ACL automatically to the user's authenticated session.

Security ACLs can also be mapped statically to ports, VLANs, virtual ports, or Distributed MAPs. User-based ACLs are processed before these statically mapped ACLs, because they are more specific and closer to the network edge.
Mapping User-Based Security ACLs

When you configure administrator or user authentication, you can set a Filter-Id authorization attribute either on the RADIUS server or in the WX switch’s local database. The value of Filter-Id is a security ACL name (or two ACL names) together with the direction of the packets to be filtered. A Filter-Id does not carry the ACL itself: it instructs the WX switch to apply its own local definition of the named ACL, including the flow direction, to the authenticated user's traffic. The Filter-Id attribute is more often received by the WX switch from an external RADIUS AAA server than applied from the local database.
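The following Python model of the Filter-Id handoff is an added example, not code from the manual or from 3Com. It builds a RADIUS Access-Accept that carries Filter-Id attributes (attribute type 11, RFC 2865), checks the Response Authenticator against the shared secret before trusting the attributes (an unverified Access-Accept could map a permissive ACL to a session), and then resolves each Filter-Id against a locally committed ACL table the way the switch does, so a name with no committed definition is reported rather than silently granted. The `acl-name.in` / `acl-name.out` suffix convention for indicating direction, the shared secret, the ACL names and the request authenticator are all assumptions made for the example; this page only says that the direction is indicated in the value.

```python
import hashlib
import hmac
import struct

# RADIUS packet code and attribute type from RFC 2865.
ACCESS_ACCEPT = 2
FILTER_ID = 11

# Constructed shared secret for the example only; in a deployment this is the
# secret configured on both the RADIUS server and the WX switch.
SHARED_SECRET = b"example-shared-secret"


def encode_attr(attr_type, value):
    """Encode one RADIUS attribute as type, length (incl. 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_accept(identifier, request_authenticator, filter_ids, secret=SHARED_SECRET):
    """Build an Access-Accept with one Filter-Id attribute per ACL mapping.
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    attrs = b"".join(encode_attr(FILTER_ID, f.encode()) for f in filter_ids)
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet, request_authenticator, secret=SHARED_SECRET):
    """True only if the Response Authenticator was computed with our shared secret
    for our request; attributes from a packet that fails this must not be applied."""
    expected = hashlib.md5(packet[:4] + request_authenticator + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def parse_attributes(packet):
    """Walk the attribute TLVs after the 20-byte header; reject malformed lengths."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return attrs


def parse_filter_id(value):
    """Split an assumed 'acl-name.in' / 'acl-name.out' value into (name, direction)."""
    name, sep, direction = value.rpartition(".")
    if not sep or direction not in ("in", "out"):
        raise ValueError(f"Filter-Id without a direction suffix: {value!r}")
    return name, direction


def resolve_mappings(packet, committed_acls):
    """Mimic the switch: Filter-Id only names an ACL, the switch applies its own
    committed definition. Returns (mappings, names_with_no_committed_acl)."""
    mappings, missing = [], []
    for attr_type, value in parse_attributes(packet):
        if attr_type != FILTER_ID:
            continue
        name, direction = parse_filter_id(value.decode())
        if name in committed_acls:
            mappings.append((name, direction))
        else:
            missing.append(name)
    return mappings, missing


if __name__ == "__main__":
    # Constructed request authenticator (normally 16 random bytes from the Access-Request).
    req_auth = bytes(range(16))
    pkt = build_access_accept(7, req_auth, ["acl-99.in", "acl-99.out"])
    print("authenticator ok:", verify_response(pkt, req_auth))
    print("committed acl-99 ->", resolve_mappings(pkt, {"acl-99"}))
    # Same packet against a switch where acl-99 was cleared and committed away.
    print("acl-99 not committed ->", resolve_mappings(pkt, {"acl-1"}))
```

The second `resolve_mappings` call shows the failure mode behind the previous sections: once an ACL has been cleared and the clear committed, a RADIUS server that still returns its name hands the switch a reference with no local definition, so the session gets no filtering from that attribute and the gap should be surfaced rather than ignored.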