3Com WX2200 3CRWX220095A Switch User Manual

Creating and Committing a Security ACL 381
The simplest security ACL permits or denies packets from a source IP
address:
set security acl ip acl-name {permit [cos cos] | deny}
{source-ip-addr mask | any} [before editbuffer-index | modify
editbuffer-index] [hits]
For example, to create ACL acl-1 that permits all packets from IP address
192.168.1.4, type the following command:
WX1200# set security acl ip acl-1 permit 192.168.1.4 0.0.0.0
With the following basic security ACL command, you can specify any of
the protocols supported by MSS:
set security acl ip acl-name {permit [cos cos] | deny}
{protocol-number} {source-ip-addr mask | any} [[precedence
precedence] [tos tos] [dscp codepoint]] [before
editbuffer-index | modify editbuffer-index] [hits]
The following sample security ACL permits all Generic Routing
Encapsulation (GRE) packets from source IP address 192.168.1.11 to
destination IP address 192.168.1.15, with a precedence level of 0
(routine), and a type-of-service (TOS) level of 0 (normal). (For more
information about type-of-service and precedence levels, see the Wireless
LAN Switch and Controller Command Reference.) GRE is protocol number
47.
WX1200# set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0 precedence 0 tos 0 hits
The security ACL acl-2 described above also applies the CoS level 2
(medium priority) to the permitted packets. (For CoS details, see “Class of
Service” on page 382.) The keyword hits counts the number of times this
ACL affects packet traffic.
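To make the matching behaviour of these commands concrete, here is an added Python model of an ACL evaluator that parses the two command forms shown above and checks packets against them; it is example code written for this page, not 3Com's MSS implementation. It assumes that a 1 bit in the mask means "don't care" (consistent with the 0.0.0.0 exact-host masks in the examples), that ACEs are evaluated in order with the first match deciding, and that a packet matching no ACE is denied; the page's examples show none of these beyond the mask usage, so treat them as assumptions.

```python
import ipaddress

# Mask semantics as in the page's examples: 0.0.0.0 means every bit must match
# (exact host); a 1 bit in the mask is treated as "don't care" (assumption).
def wildcard_match(addr, base, mask):
    a, b, m = (int(ipaddress.IPv4Address(x)) for x in (addr, base, mask))
    return (a & ~m) == (b & ~m)

def parse_ace(line):
    """Hypothetical parser for the two 'set security acl ip' forms on this page."""
    t = line.split()
    ace = {"acl": t[4], "action": t[5], "cos": None, "proto": None,
           "src": None, "dst": None, "hits": None}
    i = 6
    if t[i] == "cos":
        ace["cos"], i = int(t[i + 1]), i + 2
    if t[i].isdigit():                       # bare integer = IP protocol number
        ace["proto"], i = int(t[i]), i + 1
    def take_addr():                         # 'any' matches every address
        nonlocal i
        if t[i] == "any":
            i += 1
            return ("0.0.0.0", "255.255.255.255")
        i += 2
        return (t[i - 2], t[i - 1])
    ace["src"] = take_addr()
    if i < len(t) and (t[i] == "any" or t[i][0].isdigit()):
        ace["dst"] = take_addr()
    while i < len(t):                        # precedence/tos/dscp/before/modify/hits
        if t[i] == "hits":
            ace["hits"], i = 0, i + 1        # enable the hit counter
        else:
            ace[t[i]], i = int(t[i + 1]), i + 2
    return ace

def evaluate(acl, proto, src, dst):
    """First matching ACE decides and no match means deny (both assumptions);
    precedence/tos are parsed but not matched here."""
    for ace in acl:
        if (ace["proto"] in (None, proto) and wildcard_match(src, *ace["src"])
                and (ace["dst"] is None or wildcard_match(dst, *ace["dst"]))):
            if ace["hits"] is not None:
                ace["hits"] += 1             # what the 'hits' keyword counts
            return ace["action"], ace["cos"]
    return "deny", None

# Constructed from the page's two examples.
ACL_1 = [parse_ace("set security acl ip acl-1 permit 192.168.1.4 0.0.0.0")]
ACL_2 = [parse_ace("set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 "
                   "192.168.1.15 0.0.0.0 precedence 0 tos 0 hits")]
```

Running `evaluate(ACL_2, 47, "192.168.1.11", "192.168.1.15")` returns `("permit", 2)` and bumps the ACE's hit counter, while a TCP packet (protocol 6) between the same hosts falls through to deny.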
Table 30 lists common IP protocol numbers. (For a complete list of IP
protocol names and numbers, see
www.iana.org/assignments/protocol-numbers.) For commands that set
security ACLs for specific protocols, see the following information:
“Setting an ICMP ACL” on page 383
“Setting a TCP ACL” on page 385
“Setting a UDP ACL” on page 386