Security Acl Configuration Scenario - 3Com 3CRWX120695A, 3CRWX440095A Configuration Manual

Wireless lan switch and controller

Chapter 11: Configuring and Managing Security ACLs

Security ACL Configuration Scenario
WX1200# set security acl ip svp permit 0.0.0.0 255.255.255.255
3 Commit the ACL to the configuration:
WX1200# commit security acl svp
4 Map the ACL to the outbound traffic direction of VLAN corp_vlan:
WX1200# set security acl map voip vlan corp_vlan out
The following scenario illustrates how to create a security ACL named
acl-99 that consists of one ACE to permit incoming packets from one IP
address, and how to map the ACL to a port and a user:
1 Type the following command to create and name a security ACL and add
an ACE to it.
WX1200# set security acl ip acl-99 permit 192.168.1.1 0.0.0.0
2 To view the ACE you have entered, type the following command:
WX1200# display security acl editbuffer
ACL                                Type Status
---------------------------------- ---- -------------
acl-99                             IP   Not committed
3 To save acl-99 and its associated ACE to the configuration, type the
following command:
WX1200# commit security acl acl-99
success: change accepted.
4 To map acl-99 to port 6 to filter incoming packets, type the following
command:
WX1200# set security acl map acl-99 port 6 in
mapping configuration accepted
Because every security ACL includes an implicit rule denying all traffic that
is not permitted, port 6 now accepts packets only from 192.168.1.1, and
denies all other packets.
5 To map acl-99 to user Natasha's sessions when you are using the local
WX database for authentication, configure Natasha in the database with
the Filter-Id attribute. Type the following commands:
WX1200# set authentication dot1x Natasha local
success: change accepted.
WX1200# set user natasha attr filter-id acl-99.in
success: change accepted.
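
The matching behaviour this scenario relies on, shown as an added example that is not part of the 3Com manual: it parses source-address ACEs like the two on this page, evaluates a packet's source IP against them, and falls through to the implicit deny. It assumes wildcard masks in which 0 bits must match and 1 bits are ignored (consistent with both ACEs shown here) and first-match evaluation; all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two source-address ACEs that appear on this page.
SAMPLE_CONFIG = """\
WX1200# set security acl ip acl-99 permit 192.168.1.1 0.0.0.0
WX1200# set security acl ip svp permit 0.0.0.0 255.255.255.255
"""

ACE_RE = re.compile(
    r"set security acl ip (\S+) (permit|deny) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$"
)

def parse_acls(config):
    """Return {acl_name: [(action, source_int, wildcard_int), ...]} in entry order."""
    acls = {}
    for line in config.splitlines():
        m = ACE_RE.search(line.strip())
        if not m:
            continue  # anything other than a source-only ACE is outside this sketch
        name, action, src, wild = m.groups()
        acls.setdefault(name, []).append(
            (action, int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(wild)))
        )
    return acls

def evaluate(aces, source_ip):
    """First matching ACE decides (assumed); no match hits the implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, src, wild in aces:
        care = ~wild & 0xFFFFFFFF  # wildcard 0-bits must match, 1-bits are ignored
        if (ip & care) == (src & care):
            return action
    return "deny"  # implicit deny-all that ends every security ACL

def audit(acls):
    """List ACLs holding a permit-any ACE, which the implicit deny can never follow."""
    return sorted(
        name for name, aces in acls.items()
        if any(a == "permit" and w == 0xFFFFFFFF for a, _, w in aces)
    )

if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONFIG)
    for ip in ("192.168.1.1", "192.168.1.2", "10.0.0.5"):
        print(ip, "acl-99:", evaluate(acls["acl-99"], ip), "svp:", evaluate(acls["svp"], ip))
    print("ACLs with permit-any:", audit(acls))
```

Running the audit over a saved configuration before mapping an ACL to a port or user shows which ACLs still depend on the implicit deny and which have been opened by a catch-all permit.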
