3com WXR100 3CRWXR10095A User Manual
388
C
HAPTER
19: C
ONFIGURING
AND
M
ANAGING
S
ECURITY
ACL
S
ACLs do not take effect until you map them to something (a user, Distributed
MAP, VLAN, port, or virtual port). To map an ACL, see “Mapping Security
ACLs” on page 390. To display the mapped ACLs, use the display security
acl command, without the editbuffer or info option.
MAP, VLAN, port, or virtual port). To map an ACL, see “Mapping Security
ACLs” on page 390. To display the mapped ACLs, use the display security
acl command, without the editbuffer or info option.
Viewing the Edit Buffer
The edit buffer enables you to view the security ACLs you create before
committing them to the configuration. To view a summary of the ACLs in
the edit buffer, type the following command:
committing them to the configuration. To view a summary of the ACLs in
the edit buffer, type the following command:
WX1200# display security acl editbuffer
ACL edit-buffer table
ACL
ACL edit-buffer table
ACL
Type Status
-------------------------------- ---- -------------
acl-99
acl-99
IP
Not committed
acl-blue
IP
Not committed
acl-violet
IP
Not committed
Viewing Committed Security ACLs
To view a summary of the committed security ACLs in the configuration,
type the following command:
type the following command:
WX1200# display security acl
ACL table
ACL
ACL table
ACL
Type Class
Mapping
-------------------------------- ---- ------ -------
acl-2
acl-2
IP
Static
acl-3
IP
Static
acl-4
IP
Static
Viewing Security ACL Details
You can display the contents of one or all security ACLs that are
committed. To display the contents of all committed security ACLs, type
the following command:
committed. To display the contents of all committed security ACLs, type
the following command:
WX1200# display security acl info
ACL information for all
set security acl ip acl-999 (hits #2 0)
----------------------------------------------------
1. deny IP source IP 192.168.0.1 0.0.0.0 destination IP any
2. permit IP source IP 192.168.0.2 0.0.0.0 destination IP any enable-hits
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP
192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits
ACL information for all
set security acl ip acl-999 (hits #2 0)
----------------------------------------------------
1. deny IP source IP 192.168.0.1 0.0.0.0 destination IP any
2. permit IP source IP 192.168.0.2 0.0.0.0 destination IP any enable-hits
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP
192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits