3com WX1200 3CRWX120695A Manuel D’Utilisation

set security acl map

557

The following command adds an ACE to acl_123 that denies packets
from IP address 192.168.2.11:

WX4400# set security acl ip acl_123 deny 192.168.2.11

0.0.0.0

The following command creates acl_125 by defining an ACE that denies
TCP packets from source IP address 192.168.0.1 to destination IP address
192.168.0.2 for established sessions only, and counts the hits:

WX4400# set security acl ip acl_125 deny tcp

192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits

The following command adds an ACE to acl_125 that denies TCP packets
from source IP address 192.168.1.1 to destination IP address
192.168.1.2, on destination port 80 only, and counts the hits:

WX4400# set security acl ip acl_125 deny tcp

192.168.1.1 0.0.0.0 192.168.1.2 0.0.0.0 eq 80 hits

Finally, the following command commits the security ACLs in the edit
buffer to the configuration:

WX4400# commit security acl all

configuration accepted

See Also

clear security acl on page 538

commit security acl on page 541

display security acl on page 542

set security acl map

Assigns a committed security ACL to a VLAN, physical port or ports,
virtual port, or Distributed MAP on the WX switch.

To assign a security ACL to a user or group in the local WX database, use
the command set user attr, set mac-user attr, set usergroup attr, or
set mac-usergroup attr with the Filter-Id attribute. To assign a security
ACL to a user or group with Filter-Id on a RADIUS server, see the
documentation for your RADIUS server.