Table of Contents
Advertisement
Determining the ACE
Order
Setting a UDP ACL
The following command filters UDP packets:
set security acl ip acl-name {permit [cos cos] | deny}
udp {source-ip-addr mask [operator port [port2]]
destination-ip-addr mask [operator port [port2]]}
[precedence precedence] [tos tos] [before editbuffer-index |
modify editbuffer-index] [hits]
For example, the following command permits UDP packets sent from IP
address 192.168.1.7 to IP address 192.168.1.8, with any UDP destination
port less than 65,535. It puts this ACE first in the ACL, and counts the
number of hits generated by the ACE.
WX1200# set security acl ip acl-5 permit udp
192.168.1.7 0.0.0.0 192.168.1.8 0.0.0.0 lt 65535
precedence 7 tos 15 before 1 hits
(For information about TOS and precedence levels, see the
Switch and Controller Command
Service" on page 235.)
The set security acl command creates a new entry in the edit buffer and
appends the new entry as a rule at the end of an ACL, unless you specify
otherwise. The order of ACEs is significant, because the earliest ACE
takes precedence over later ACEs. To place the ACEs in the correct order,
use the parameters before editbuffer-index and modify
editbuffer-index. The first ACE is number 1.
To specify the order of the commands, use the following parameters:
before editbuffer-index inserts an ACE before a specific location.
modify editbuffer-index changes an existing ACE.
If the security ACL you specify when creating an ACE does not exist when
you enter set security acl ip, the specified ACL is created in the edit
buffer. If the ACL exists but is not in the edit buffer, the ACL reverts, or is
rolled back, to the state when its last ACE was committed, but it now
includes the new ACE.
For details, see "Placing One ACE before Another" on page 247 and
"Modifying an Existing Security ACL" on page 248.
Creating and Committing a Security ACL
Reference. For CoS details, see "Class of
239
Wireless LAN
Advertisement
Table of Contents
