3Com WX2200 3CRWX220095A Switch User Manual


 
394 CHAPTER 19: CONFIGURING AND MANAGING SECURITY ACLS
If you no longer need the security ACL, delete it from the configuration
with the clear security acl and commit security acl commands. (See
“Clearing Security ACLs” on page 390.)
Modifying a Security ACL
You can modify a security ACL in the following ways:
- Add another ACE to a security ACL, at the end of the ACE list. (See “Adding Another ACE to a Security ACL” on page 394.)
- Place an ACE before another ACE, so it is processed before subsequent ACEs, using the before editbuffer-index portion of the set security acl commands. (See “Placing One ACE before Another” on page 395.)
- Modify an existing ACE using the modify editbuffer-index portion of the set security acl commands. (See “Modifying an Existing Security ACL” on page 396.)
- Use the rollback command set to clear changes made to the security ACL edit buffer since the last time it was saved. The ACL is rolled back to its state at the last commit command. (See “Clearing Security ACLs from the Edit Buffer” on page 397.)
- Use the clear security acl map command to stop the filtering action of an ACL on a port, VLAN, or virtual port. (See “Clearing a Security ACL Map” on page 393.)
- Use clear security acl plus commit security acl to completely delete the ACL from the WX switch’s configuration. (See “Clearing Security ACLs” on page 390.)
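Added example, not part of the 3Com manual: a small Python model of the edit buffer operations listed above (append, before, modify, commit, rollback) with first-match evaluation, showing why a host-specific deny appended after a broader permit never takes effect until it is placed before it. The class, function names and the host address 192.168.253.11 are assumptions made for illustration; the model ignores ACL mapping to ports and VLANs.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class SecurityAcl:
    """Toy model (assumption): ACE = (action, source, wildcard), 1-based indexes."""
    def __init__(self):
        self.committed = []    # ACEs currently used for filtering
        self.editbuffer = []   # pending changes, not yet in effect

    def set_ace(self, action, source, wildcard, before=None, modify=None):
        ace = (action, source, wildcard)
        if modify is not None:
            self.editbuffer[modify - 1] = ace         # replace an existing ACE
        elif before is not None:
            self.editbuffer.insert(before - 1, ace)   # processed before that ACE
        else:
            self.editbuffer.append(ace)               # end of the ACE list

    def commit(self):
        self.committed = list(self.editbuffer)

    def rollback(self):
        self.editbuffer = list(self.committed)        # back to last commit

    def decide(self, src_ip, pending=False):
        """First matching ACE wins; None when no ACE in the list matches."""
        for action, source, wildcard in (self.editbuffer if pending else self.committed):
            if wildcard_match(src_ip, source, wildcard):
                return action
        return None

def demo():
    host = "192.168.253.11"                              # constructed host address
    acl = SecurityAcl()
    acl.set_ace("permit", "192.168.253.1", "0.0.0.255")  # ACE 1 from the page
    acl.commit()
    acl.set_ace("deny", host, "0.0.0.0")                 # appended after ACE 1
    shadowed = acl.decide(host, pending=True)            # ACE 1 still matches first
    acl.rollback()                                       # discard the appended ACE
    acl.set_ace("deny", host, "0.0.0.0", before=1)       # now evaluated first
    before_commit = acl.decide(host)                     # committed ACL unchanged
    acl.commit()
    return shadowed, before_commit, acl.decide(host), acl.decide("192.168.253.20")

if __name__ == "__main__":
    print(demo())
```
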
Adding Another ACE to a Security ACL
The simplest way to modify a security ACL is to add another ACE. For
example, suppose you wanted to modify an existing ACL named
acl-violet. Follow these steps:
1 To display all committed security ACLs, type the following command:
WX1200# display security acl info
ACL information for all
set security acl ip acl-violet (hits #2 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits