3Com WX2200 3CRWX220095A Switch User Manual

Creating and Committing a Security ACL 381
The simplest security ACL permits or denies packets from a source IP
set security acl ip acl-name {permit [cos cos] | deny}
{source-ip-addr mask | any} [before editbuffer-index | modify
editbuffer-index] [hits]
For example, to create ACL acl-1 that permits all packets from IP address, type the following command:
WX1200# set security acl ip acl-1 permit
With the following basic security ACL command, you can specify any of
the protocols supported by MSS:
set security acl ip acl-name {permit [cos cos] | deny}
{protocol-number} {source-ip-addr mask | any} [[precedence
precedence] [tos tos] [dscp codepoint]] [before
editbuffer-index | modify editbuffer-index] [hits]
The following sample security ACL permits all Generic Routing
Encapsulation (GRE) packets from source IP address to
destination IP address, with a precedence level of 0
(routine), and a type-of-service (TOS) level of 0 (normal). (For more
information about type-of-service and precedence levels, see the Wireless
LAN Switch and Controller Command Reference.) GRE is protocol number
WX1200# set security acl ip acl-2 permit cos 2 47 precedence 0 tos 0
The security ACL acl-2 described above also applies the CoS level 2
(medium priority) to the permitted packets. (For CoS details, see “Class of
Service” on page 382.) The keyword hits counts the number of times this
ACL affects packet traffic.
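Added example (not from the 3Com manual or MSS): a Python check that parses a `set security acl ip` line against the two syntax forms shown above and flags permit rules whose source is `any`, useful when reviewing an ACL before it is entered. The helper names `parse_acl` and `permits_any_source` are hypothetical, the addresses are constructed documentation values, masks are checked only for dotted-quad form, and accepting a destination after the source is an assumption taken from the description of the GRE sample.

```python
import ipaddress
# Constructed sample; the addresses are documentation values, not from the manual.
SAMPLE = ("WX1200# set security acl ip acl-2 permit cos 2 47 "
          "192.0.2.10 0.0.0.0 198.51.100.7 0.0.0.0 precedence 0 tos 0 hits")

def _num(t, kw):  # consume "kw N" and return N
    t.pop(0)
    if not t or not t[0].isdigit():
        raise ValueError(f"{kw} needs a numeric value")
    return int(t.pop(0))

def _addr(t, role):  # "any" or "addr mask"; both must be dotted quads, else ValueError
    if t and t[0] == "any":
        return t.pop(0)
    if len(t) < 2:
        raise ValueError(f"missing {role} address and mask")
    return tuple(str(ipaddress.IPv4Address(t.pop(0))) for _ in range(2))

def parse_acl(line):
    t = line.split("#")[-1].split()  # drop a CLI prompt such as "WX1200#"
    if t[:4] != ["set", "security", "acl", "ip"] or t[5:6] not in (["permit"], ["deny"]):
        raise ValueError("expected: set security acl ip <name> permit|deny ...")
    acl = {"name": t[4], "action": t[5], "protocol": None, "hits": False}
    del t[:6]
    if t and t[0] == "cos":
        if acl["action"] == "deny":
            raise ValueError("cos is only valid with permit")
        acl["cos"] = _num(t, "cos")
    if t and t[0].isdigit():  # optional IP protocol number (8-bit field)
        acl["protocol"] = int(t.pop(0))
        if acl["protocol"] > 255:
            raise ValueError("IP protocol number must be 0-255")
    acl["source"] = _addr(t, "source")
    # Assumption: a destination follows the source when a protocol is given.
    if acl["protocol"] is not None and t and (t[0] == "any" or "." in t[0]):
        acl["destination"] = _addr(t, "destination")
    for kw in ("precedence", "tos", "dscp", "before", "modify"):
        if t and t[0] == kw:
            acl[kw] = _num(t, kw)
    if "before" in acl and "modify" in acl:
        raise ValueError("before and modify are mutually exclusive")
    if t and t[0] == "hits":
        acl["hits"] = bool(t.pop(0))
    if t:
        raise ValueError(f"unexpected tokens: {t}")
    return acl

def permits_any_source(acl):  # review flag: a permit rule whose source is "any"
    return acl["action"] == "permit" and acl["source"] == "any"
```

A line that stops after `permit` or `deny` with no source is rejected with a `ValueError`, so commands that lost their address arguments are caught before they reach the switch.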
Table 30 lists common IP protocol numbers. (For a complete list of IP
protocol names and numbers, see
www.iana.org/assignments/protocol-numbers.) For commands that set
security ACLs for specific protocols, see the following information:
“Setting an ICMP ACL” on page 383
“Setting a TCP ACL” on page 385
“Setting a UDP ACL” on page 386