3Com WXR100 3CRWXR10095A User Manual
Page 606
606
C
HAPTER
14: S
ECURITY
ACL C
OMMANDS
Syntax —
set security acl map
acl-name
{v
lan
vlan-id
|
port
port-list
[
tag
tag-list
] |
ap
ap-num
} {
in
|
out
}
acl-name
— Name of an existing security ACL to map. ACL names
start with a letter and are case-insensitive.
vlan
vlan-id
— VLAN name or number. MSS assigns the security
ACL to the specified VLAN.
port
port-list
— Port list. MSS assigns the security ACL to the
specified physical WX port or ports.
tag
tag-list
— One or more values that identify a virtual port in a
VLAN. Specify a single tag value from 1 through 4095. Or specify a
comma-separated list of values, a hyphen-separated range, or any
combination, with no spaces. MSS assigns the security ACL to the
specified virtual port or ports.
ap
ap-num
— One or more MAPs, based on their connection IDs.
Specify a single connection ID, or specify a comma-separated list of
connection IDs, a hyphen-separated range, or any combination, with
no spaces. MSS assigns the security ACL to the specified MAPs.
in
— Assigns the security ACL to traffic coming into the WX switch.
out
— Assigns the security ACL to traffic coming from the WX switch.
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 3.0.
Usage — Before you can map a security ACL, you must use the
commit security acl command to save the ACL in the running
configuration and nonvolatile storage.
For best results, map only one input security ACL and one output security
ACL to each VLAN, physical port, virtual port, or Distributed MAP to filter
a flow of packets. If more than one security ACL filters the same traffic,
MSS applies only the first ACL match and ignores any other matches.
Examples — The following command maps security ACL acl_133 to
port 4 for incoming packets:
WX4400 set security acl map acl_133 port 4 in
success: change accepted.