3Com WX2200 3CRWX220095A Switch User Manual


 
Creating and Committing a Security ACL 387
To specify the order of the commands, use the following parameters:
before editbuffer-index inserts an ACE before a specific location.
modify editbuffer-index changes an existing ACE.
If the security ACL you specify when creating an ACE does not exist when
you enter set security acl ip, the specified ACL is created in the edit
buffer. If the ACL exists but is not in the edit buffer, the ACL reverts, or is
rolled back, to the state when its last ACE was committed, but it now
includes the new ACE.
For details, see “Placing One ACE before Another” on page 395 and
“Modifying an Existing Security ACL” on page 396.
Committing a Security ACL
To put the security ACLs you have created into effect, use the commit
security acl command with the name of the ACL. For example, to
commit acl-99, type the following command:
WX1200# commit security acl acl-99
success: change accepted.
To commit all the security ACLs in the edit buffer, type the following command:
WX1200# commit security acl all
success: change accepted.
Viewing Security ACL Information
To determine whether a security ACL is committed, you can check the
edit buffer and the committed ACLs. After you commit an ACL, MSS
removes it from the edit buffer.
To display ACLs, use the following commands:
display security acl editbuffer
display security acl info all editbuffer
display security acl info
display security acl
Use the first two commands to display the ACLs that you have not yet
committed to nonvolatile storage. The first command lists the ACLs by
name. The second command shows the ACLs in detail.
Use the display security acl info command to display ACLs that are
already committed. ACLs are not available for mapping until you commit
them. (To commit an ACL, use the commit security acl command. See
“Committing a Security ACL”.)
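
The edit-buffer behaviour described above, as a simplified model in Python. This is an added example, not 3Com or MSS code. The class, its method names and the ACE strings are hypothetical, and 1-based edit-buffer indexes are an assumption.

```python
# Simplified model of the MSS edit buffer and commit behaviour (added example).
# All names are hypothetical; ACE strings are constructed placeholders.

class AclStore:
    def __init__(self):
        self.committed = {}   # ACLs in effect and available for mapping
        self.editbuffer = {}  # ACLs with changes that are not yet committed

    def _pending(self, name):
        # ACL not in the edit buffer: start from its last committed state,
        # or from an empty ACL if the name has never been committed.
        if name not in self.editbuffer:
            self.editbuffer[name] = list(self.committed.get(name, []))
        return self.editbuffer[name]

    def set_ace(self, name, ace, before=None, modify=None):
        """Model of 'set security acl ip' with the before/modify parameters."""
        aces = self._pending(name)
        if before is not None:
            aces.insert(before - 1, ace)   # place the ACE ahead of that index
        elif modify is not None:
            aces[modify - 1] = ace         # replace the existing ACE
        else:
            aces.append(ace)               # default: add at the end

    def commit(self, name="all"):
        """Model of 'commit security acl <name>' and '... all'."""
        names = list(self.editbuffer) if name == "all" else [name]
        for n in names:
            # Committing moves the ACL out of the edit buffer.
            self.committed[n] = self.editbuffer.pop(n)

    def mappable(self, name):
        # An ACL cannot be mapped until it has been committed.
        return name in self.committed


def demo():
    s = AclStore()
    s.set_ace("acl-99", "permit A")          # ACL is created in the edit buffer
    before_commit = s.mappable("acl-99")     # not committed yet
    s.commit("acl-99")
    s.set_ace("acl-99", "deny B", before=1)  # committed ACL re-enters the buffer
    return before_commit, s.committed["acl-99"], s.editbuffer["acl-99"]


if __name__ == "__main__":
    print(demo())
```

In the model, as in the text, the committed copy of acl-99 stays unchanged while the new ACE sits in the edit buffer, so a pending change is not in effect until the next commit.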