Set security acl map – 3Com Wireless LAN WX1200 User Manual

464

C

HAPTER

14: S

ECURITY

ACL C

OMMANDS

The following command adds an ACE to acl_123 that denies packets
from IP address 192.168.2.11:

WX4400# set security acl ip acl_123 deny 192.168.2.11
0.0.0.0

The following command creates acl_125 by defining an ACE that denies
TCP packets from source IP address 192.168.0.1 to destination IP address
192.168.0.2 for established sessions only, and counts the hits:

WX4400# set security acl ip acl_125 deny tcp
192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits

The following command adds an ACE to acl_125 that denies TCP packets
from source IP address 192.168.1.1 to destination IP address
192.168.1.2, on destination port 80 only, and counts the hits:

WX4400# set security acl ip acl_125 deny tcp
192.168.1.1 0.0.0.0 192.168.1.2 0.0.0.0 eq 80 hits

Finally, the following command commits the security ACLs in the edit
buffer to the configuration:

WX4400# commit security acl all
configuration accepted

See Also

„

clear security acl on page 446

„

commit security acl on page 449

„

display security acl on page 450

set security acl map

Assigns a committed security ACL to a VLAN, physical port or ports,
virtual port, or Distributed MAP on the WX switch.

To assign a security ACL to a user or group in the local WX database, use
the command set user attr, set mac-user attr, set usergroup attr, or
set mac-usergroup attr with the Filter-Id attribute. To assign a security
ACL to a user or group with Filter-Id on a RADIUS server, see the
documentation for your RADIUS server.