3com WX2200 3CRWX220095A User Manual

Creating and Committing a Security ACL
The simplest security ACL permits or denies packets from a source IP 
address:
set security acl ip acl-name {permit [cos cos] | deny} {source-ip-addr mask | any} [before editbuffer-index | modify editbuffer-index] [hits]
For example, to create ACL acl-1 that permits all packets from IP address 
192.168.1.4, type the following command:
WX1200# set security acl ip acl-1 permit 192.168.1.4 0.0.0.0 
With the following basic security ACL command, you can specify any of 
the protocols supported by MSS:
set security acl ip acl-name {permit [cos cos] | deny} {protocol-number} {source-ip-addr mask | any} [[precedence precedence] [tos tos] [dscp codepoint]] [before editbuffer-index | modify editbuffer-index] [hits]
The following sample security ACL permits all Generic Routing 
Encapsulation (GRE) packets from source IP address 192.168.1.11 to 
destination IP address 192.168.1.15, with a precedence level of 0 
(routine), and a type-of-service (TOS) level of 0 (normal). (For more 
information about type-of-service and precedence levels, see the 
Wireless LAN Switch and Controller Command Reference.) GRE is protocol 
number 47.
WX1200# set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0 precedence 0 tos 0 hits
The security ACL acl-2 described above also applies the CoS level 2 
(medium priority) to the permitted packets. (For CoS details, see “Class of 
Service” on page 382.) The keyword hits counts the number of times this 
ACL affects packet traffic.
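To check offline which packets a set of these entries covers, the following added example (not part of the 3Com manual or of MSS) parses set security acl ip lines and tests a packet against them. It assumes the mask is a wildcard mask (0 bits must match, as with 0.0.0.0 matching one host above) and that entries are checked in order with the first match deciding; the acl-3 entry and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: the page's two example commands plus one made-up
# entry (acl-3) that uses a non-zero mask.
SAMPLE_CONFIG = """\
set security acl ip acl-1 permit 192.168.1.4 0.0.0.0
set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0 precedence 0 tos 0 hits
set security acl ip acl-3 deny 10.0.0.0 0.0.0.255
"""

_IP = r"\d+\.\d+\.\d+\.\d+"
_ADDR = rf"(?:any|{_IP} {_IP})"
_RULE = re.compile(
    r"set security acl ip (?P<name>\S+) (?P<action>permit|deny)"
    r"(?: cos (?P<cos>\d+))?(?: (?P<proto>\d+))?"
    rf" (?P<src>{_ADDR})(?: (?P<dst>{_ADDR}))?(?P<rest>.*)$")


def parse_rules(config):
    """Parse 'set security acl ip' lines into dicts, keeping entry order."""
    matches = (_RULE.match(line.strip()) for line in config.splitlines())
    return [m.groupdict() for m in matches if m]


def _covers(spec, addr):
    """True if addr falls under 'ip mask' or 'any' (absent field = any)."""
    if spec is None or spec == "any":
        return True
    base, wild = (int(ipaddress.IPv4Address(p)) for p in spec.split())
    care = ~wild & 0xFFFFFFFF  # assumption: 0 bits must match, 1 bits ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def evaluate(rules, acl, src, dst, proto):
    """Action of the first entry in `acl` that matches, or None if none does.

    First-match order is an assumption of this sketch.
    """
    for r in rules:
        if r["name"] != acl:
            continue
        if r["proto"] is not None and int(r["proto"]) != proto:
            continue
        if _covers(r["src"], src) and _covers(r["dst"], dst):
            return r["action"]
    return None
```

Running evaluate over a planned rule set before committing it shows whether an entry covers more sources or protocols than intended, for example an entry with no protocol number matching every protocol.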
Table 30 lists common IP protocol numbers. (For a complete list of IP 
protocol names and numbers, see 
.) For commands that set 
security ACLs for specific protocols, see the following information: