Mapping Security Acls To Ports, Vlans, Virtual Ports, Or Distributed Maps - 3Com WX1200 3CRWX120695A Configuration Manual

392 C 19: C
HAPTER ONFIGURING AND
Mapping Security
ACLs to Ports, VLANs,
Virtual Ports, or
Distributed MAPs
M S
ANAGING ECURITY
Security ACLs can be mapped to ports, VLANs, virtual ports, and
Distributed MAPs. Use the following command:
set security acl map acl-name {vlan vlan-id | port port-list
[tag tag-value] | ap apnumber} {in | out}
Specify the name of the ACL, the port, VLAN, tag value(s) of the virtual
port, or the number of the Distributed MAP to which the ACL is to be
mapped, and the direction for packet filtering. For virtual ports or
Distributed MAPs, you can specify a single value, a comma-separated list
of values, a hyphen-separated range, or any combination, with no
spaces. For example, to map security ACL acl-222 to virtual ports 1
through 3 and 5 on port 2 to filter incoming packets, type the following
command:
WX1200# set security acl map acl-222 port 2 tag 1-3,5 in
success: change accepted.
Plan your security ACL maps to ports, VLANs, virtual ports, and
Distributed MAPs so that only one security ACL filters a flow of packets. If
more than one security ACL filters the same traffic, you cannot guarantee
the order in which the ACE rules are applied.
Displaying ACL Maps to Ports, VLANs, and Virtual Ports
Two commands display the port, VLAN, virtual port, and Distributed MAP
mapping of a specific security ACL. For example, to show the ports,
VLANs, virtual ports, and Distributed MAPs mapped to acl-999, type one
of the following commands:
WX1200# display security acl map acl-999
ACL acl-999 is mapped to:
Port 9 In
Port 9 Out
WX1200# display security acl
ACL table
ACL
-------------------------------- ---- ------ -------
acl-orange
acl-999
acl-blue
acl-violet
ACL
S
Type Class
IP
IP
IP
IP
Mapping
Static
Static Port 6 In
Port 6 Out
Static Port 1 In
Static VLAN 1 Out