Placing One Ace Before Another - Nortel 2360 Configuration Manual

Wlan-security switch 2300 series

428 Configuring and managing security ACLs

Placing one ACE before another

You can use the before editbuffer-index portion of the set security acl command to place a new ACE before an existing ACE. For example, suppose you want to deny some traffic from IP address 192.168.254.12 in acl-111. Follow these steps:
1. To display all committed security ACLs, type the following command:
WSS# show security acl info
ACL information for all
set security acl ip acl-111 (hits #4 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.11 0.0.0.0 destination IP
any
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0
destination IP 192.168.1.15 0.0.0.0 precedence 0 tos 0
enable-hits
2. To add the deny ACE to acl-111 and place it first, type the following commands:
WSS# set security acl ip acl-111 deny 192.168.254.12 0.0.0.255 before 1
WSS# commit security acl acl-111
success: change accepted.
3. To view the results, type the following command:
WSS# show security acl info
ACL information for all
set security acl ip acl-111 (hits #4 0)
----------------------------------------------------
1. deny IP source IP 192.168.254.12 0.0.0.255 destination IP
any
2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP
any
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0
destination IP 192.168.1.15 0.0.0.0 precedence 0 tos 0
enable-hits
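
Added example (not from the Nortel manual): a small Python model of the "before editbuffer-index" insertion and of how the resulting list is matched, showing that the mask 0.0.0.255 typed in step 2 covers every address in 192.168.254.x while 0.0.0.0 covers one host. It assumes wildcard-style masks (1-bits are ignored), first-match evaluation and an implicit deny at the end of the ACL; the function names are hypothetical and BROAD is a constructed ACL used only to show a case where ACE order changes the outcome.

```python
import ipaddress

def ip(s):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

def ace(action, src, wildcard):
    """One ACE; 1-bits in the wildcard mask are 'don't care' bits."""
    return {"action": action, "src": ip(src), "wild": ip(wildcard)}

def matches(entry, packet_src):
    care = ~entry["wild"] & 0xFFFFFFFF
    return (ip(packet_src) & care) == (entry["src"] & care)

def insert_before(acl, index, entry):
    """Model of 'before N': 1-based index, existing ACEs shift down."""
    if not 1 <= index <= len(acl):
        raise ValueError("no ACE at index %d" % index)
    return acl[:index - 1] + [entry] + acl[index - 1:]

def evaluate(acl, packet_src):
    """Assumed semantics: first matching ACE wins, else implicit deny."""
    for pos, entry in enumerate(acl, 1):
        if matches(entry, packet_src):
            return entry["action"], pos
    return "deny", None

# acl-111 as displayed in step 1, then the ACE from step 2.
ACL_111 = [ace("permit", "192.168.253.11", "0.0.0.0")]
AS_TYPED = insert_before(ACL_111, 1, ace("deny", "192.168.254.12", "0.0.0.255"))
# Same insertion with a host mask, for comparison.
HOST_ONLY = insert_before(ACL_111, 1, ace("deny", "192.168.254.12", "0.0.0.0"))

# Constructed ACL (not on the page): a broad permit that overlaps the deny.
BROAD = [ace("permit", "192.168.254.0", "0.0.0.255")]
DENY_HOST = ace("deny", "192.168.254.12", "0.0.0.0")
APPENDED = BROAD + [DENY_HOST]                 # deny is shadowed by ACE 1
PLACED = insert_before(BROAD, 1, DENY_HOST)    # deny is evaluated first

if __name__ == "__main__":
    for name, acl in [("as typed", AS_TYPED), ("host only", HOST_ONLY),
                      ("appended", APPENDED), ("placed before 1", PLACED)]:
        for src in ("192.168.254.12", "192.168.254.77", "192.168.253.11"):
            print(name, src, evaluate(acl, src))
```

Comparing the decision for a neighbouring address such as 192.168.254.77 before committing is a quick way to confirm that the mask covers only the sources you intend.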
NN47250-500 (320657-F Version 02.01)

This manual is also suitable for: 2350, 2361, Wlan 2382