Table of Contents
Advertisement
248
C
11: C
HAPTER
ONFIGURING AND
WX1200# display security acl info all
ACL information for all
set security acl ip acl-111 (hits #4 0)
----------------------------------------------------
1. deny IP source IP 192.168.254.12 0.0.0.255 destination IP any
2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP
192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits
Modifying an Existing
Security ACL
WX1200# display security acl info all
ACL information for all
set security acl ip acl-111 (hits #4 0)
----------------------------------------------------
1. deny IP source IP 192.168.254.12 0.0.0.255 destination IP any
2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP
192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits
WX1200# set security acl ip acl-111 permit 192.168.254.12 0.0.0.0 modify 1
WX1200# commit security acl acl-111
success: change accepted.
M
S
ANAGING
ECURITY
2 To add the deny ACE to acl-111 and place it first, type the following
commands:
WX1200# set security acl ip acl-111 deny 192.168.254.12
0.0.0.255 before 1
WX1200# commit security acl acl-111
success: change accepted.
3 To view the results, type the following command:
You can use the modify editbuffer-index portion of the set security acl
command to modify an active security ACL. For example, suppose the
ACL acl-111 currently blocks some packets from IP address
192.168.254.12 with the mask 0.0.0.255 and you want to change the
ACL to permit all packets from this address. Follow these steps:
1 To display all committed security ACLs, type the following command:
2 To modify the first ACE in acl-111, type the following commands:
ACL
S
Advertisement
Table of Contents
