D-Link DWS-1008 Switch User Manual


 
D-Link DWS-1008 CLI Manual
The following command creates acl_125 by defining an ACE that denies TCP packets from source
IP address 192.168.0.1 to destination IP address 192.168.0.2 for established sessions only, and
counts the hits:
DWS-1008# set security acl ip acl_125 deny tcp 192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits
The following command adds an ACE to acl_125 that denies TCP packets from source IP address
192.168.1.1 to destination IP address 192.168.1.2, on destination port 80 only, and counts the
hits:
DWS-1008# set security acl ip acl_125 deny tcp 192.168.1.1 0.0.0.0 192.168.1.2 0.0.0.0 eq 80 hits
Finally, the following command commits the security ACLs in the edit buffer to the configuration:
DWS-1008# commit security acl all
configuration accepted
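The following added example (not part of the D-Link manual or of MSS) models in Python how the two ACEs above match TCP packets, so the effect of established, eq 80, and hits can be checked before committing. It assumes standard wildcard-mask semantics, that established means the ACK or RST flag is set, and that ACEs are checked in order with the first match deciding; the packet dictionaries are a constructed format.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(command):
    # Form shown above: set security acl ip NAME ACTION tcp SRC WILD DST WILD [eq PORT] [established] [hits]
    tok = command.split()
    if (len(tok) < 11 or tok[:4] != ["set", "security", "acl", "ip"]
            or tok[5] not in ("permit", "deny") or tok[6] != "tcp"):
        raise ValueError("unsupported ACE form: " + command)
    ace = {"acl": tok[4].lower(), "action": tok[5],       # ACL names are case-insensitive
           "src": (_ip(tok[7]), _ip(tok[8])), "dst": (_ip(tok[9]), _ip(tok[10])),
           "dport": None, "established": False, "hits": None}
    opts = iter(tok[11:])
    for opt in opts:
        if opt == "eq":
            ace["dport"] = int(next(opts))
        elif opt == "established":
            ace["established"] = True
        elif opt == "hits":
            ace["hits"] = 0                               # counter enabled, starts at zero
        else:
            raise ValueError("unsupported option: " + opt)
    return ace

def _addr_ok(addr, base, wildcard):
    # Assumption: wildcard bits set to 1 are ignored, so 0.0.0.0 means "this exact host".
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def evaluate(aces, pkt):
    """Return the action of the first matching ACE, or None if no ACE matches."""
    for ace in aces:
        if not (_addr_ok(pkt["src"], *ace["src"]) and _addr_ok(pkt["dst"], *ace["dst"])):
            continue
        if ace["dport"] is not None and pkt["dport"] != ace["dport"]:
            continue
        # Assumption: "established" means ACK or RST is set (not a bare SYN).
        if ace["established"] and not ({"ACK", "RST"} & set(pkt["flags"])):
            continue
        if ace["hits"] is not None:
            ace["hits"] += 1
        return ace["action"]
    return None

ACL_125 = [parse_ace(c) for c in (  # the two ACEs from the example above, in entry order
    "set security acl ip acl_125 deny tcp 192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits",
    "set security acl ip acl_125 deny tcp 192.168.1.1 0.0.0.0 192.168.1.2 0.0.0.0 eq 80 hits",
)]
```

Under these assumptions, a bare SYN from 192.168.0.1 to 192.168.0.2 is not matched by the first ACE, and traffic from 192.168.1.1 to 192.168.1.2 on any port other than 80 is not matched by the second, so evaluate returns None for both.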
See Also:
• clear security acl
• commit security acl
• show security acl
set security acl map
Assigns a committed security ACL to a VLAN, physical port or ports, virtual port, or Distributed
AP on the switch.
Note: To assign a security ACL to a user or group in the local database, use the command
set user attr, set mac-user attr, set usergroup attr, or set mac-usergroup attr with the Filter-Id
attribute. To assign a security ACL to a user or group with Filter-Id on a RADIUS server, see the
documentation for your RADIUS server.
Syntax: set security acl map acl-name {vlan vlan-id | port port-list [tag tag-list] | dap dap-num} {in | out}
acl-name          Name of an existing security ACL to map. ACL names start with a letter and are case-insensitive.
vlan vlan-id      VLAN name or number. MSS assigns the security ACL to the specified VLAN.
port port-list    Port list. MSS assigns the security ACL to the specified physical switch port or ports.