3com WX1200 3CRWX120695A Manuel D’Utilisation

C

HAPTER

 19: C

ONFIGURING

 

AND

 M

ANAGING

 S

ECURITY

 ACL

S

If you no longer need the security ACL, delete it from the configuration 
with the clear security acl and commit security acl commands. (See 
“Clearing Security ACLs” on page 390.)

You can modify a security ACL in the following ways:

„

Add another ACE to a security ACL, at the end of the ACE list. (See 
“Adding Another ACE to a Security ACL” on page 394.)

„

Place an ACE before another ACE, so it is processed before 
subsequent ACEs, using the before editbuffer-index portion of the 
set security acl commands. (See “Placing One ACE before Another” 
on page 395.)

„

Modify an existing ACE using the modify editbuffer-index portion of 
the set security acl commands. (See “Modifying an Existing Security 
ACL” on page 396.)

„

Use the rollback command set to clear changes made to the security 
ACL edit buffer since the last time it was saved. The ACL is rolled back 
to its state at the last commit command. (See “Clearing Security ACLs 
from the Edit Buffer” on page 397.)

„

Use the clear security acl map command to stop the filtering action 
of an ACL on a port, VLAN, or virtual port. (See “Clearing a Security 
ACL Map” on page 393.)

„

Use clear security acl plus commit security acl to completely delete 
the ACL from the WX switch’s configuration. (See “Clearing Security 
ACLs” on page 390.)

The simplest way to modify a security ACL is to add another ACE. For 
example, suppose you wanted to modify an existing ACL named 
acl-violet. Follow these steps:

1 To display all committed security ACLs, type the following command:

WX1200# display security acl info
ACL information for all
set security acl ip acl-violet (hits #2 0)
----------------------------------------------------
 1. permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits