Nortel Networks 2300 Switch User Manual


 
Configuring and managing security ACLs 425
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Mapping security ACLs to ports, VLANs, virtual ports, or distributed APs
Security ACLs can be mapped to ports, VLANs, virtual ports, and Distributed APs. Use the following command:
set security acl map acl-name {vlan vlan-id | port port-list [tag tag-value] | ap ap-num} {in | out}
Specify the name of the ACL, the port, VLAN, tag value(s) of the virtual port, or the number of the Distributed AP to
which the ACL is to be mapped, and the direction for packet filtering. For virtual ports or Distributed APs, you can
specify a single value, a comma-separated list of values, a hyphen-separated range, or any combination, with no spaces.
For example, to map security ACL acl-222 to virtual ports 1 through 3 and 5 on port 2 to filter incoming packets, type
the following command:
WSS# set security acl map acl-222 port 2 tag 1-3,5 in
success: change accepted.
Plan your security ACL maps to ports, VLANs, virtual ports, and Distributed APs so that only one security ACL filters a
flow of packets. If more than one security ACL filters the same traffic, you cannot guarantee the order in which the ACE
rules are applied.
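The check below is an added example, not part of the Nortel guide or the WSS software: a Python audit that reads a list of set security acl map commands, such as a planned change script, expands the list and range values, and reports any port, virtual port, VLAN, or Distributed AP that has more than one ACL mapped in the same direction. It assumes that port-list accepts the same list and range syntax as tag values; the function names are hypothetical, and every sample line except the acl-222 command is constructed.

```python
import re
from collections import defaultdict

# Command syntax as given in the guide:
# set security acl map acl-name {vlan vlan-id | port port-list [tag tag-value] | ap ap-num} {in | out}
MAP_RE = re.compile(
    r"set security acl map (?P<acl>\S+) "
    r"(?:vlan (?P<vlan>\S+)|port (?P<port>\S+)(?: tag (?P<tag>\S+))?|ap (?P<ap>\S+)) "
    r"(?P<dir>in|out)\s*$"
)

def expand(spec):
    """Expand a list/range value such as '1-3,5' into [1, 2, 3, 5]."""
    values = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        values.extend(range(int(lo), int(hi or lo) + 1))
    return values

def targets(m):
    """List every object (VLAN, AP, port, or virtual port) one command maps."""
    if m["vlan"]:
        return [("vlan", m["vlan"])]
    if m["ap"]:
        return [("ap", ap) for ap in expand(m["ap"])]
    ports = expand(m["port"])  # assumption: port-list uses the same list syntax
    if m["tag"]:
        return [("port", p, "tag", t) for p in ports for t in expand(m["tag"])]
    return [("port", p) for p in ports]

def find_overlaps(commands):
    """Return {(target, direction): [acl, ...]} for targets with more than one ACL."""
    seen = defaultdict(list)
    for line in commands.splitlines():
        m = MAP_RE.search(line.strip())
        if not m:
            continue
        for target in targets(m):
            if m["acl"] not in seen[(target, m["dir"])]:
                seen[(target, m["dir"])].append(m["acl"])
    return {key: acls for key, acls in seen.items() if len(acls) > 1}

# Constructed sample input; only the first command appears in the guide.
SAMPLE = """\
WSS# set security acl map acl-222 port 2 tag 1-3,5 in
WSS# set security acl map acl-blue port 2 tag 3 in
WSS# set security acl map acl-violet vlan 1 out
WSS# set security acl map acl-999 port 9 out
"""

if __name__ == "__main__":
    for (target, direction), acls in find_overlaps(SAMPLE).items():
        print(target, direction, "->", ", ".join(acls))
```

The audit compares mapping targets only. Whether a port map and a VLAN map filter the same traffic depends on VLAN membership, which these commands do not show.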
Displaying ACL maps to ports, VLANs, and virtual ports
Two commands display the port, VLAN, virtual port, and Distributed AP mapping of a specific security ACL. For
example, to show the ports, VLANs, virtual ports, and Distributed APs mapped to acl-999, type one of the following
commands:
WSS# show security acl map acl-999
ACL acl-999 is mapped to:
Port 9 In
Port 9 Out
WSS# show security acl
ACL table
ACL            Type Class     Mapping
-------------- -------------- ------------
acl-orange     IP   Static
acl-999        IP   Static    Port 9 In
                              Port 9 Out
acl-blue       IP   Static    Port 1 In
acl-violet     IP   Static    VLAN 1 Out
Clearing a security ACL map
To clear the mapping between a security ACL and one or more ports, VLANs, virtual ports, or Distributed APs, first
display the mapping with show security acl map and then use clear security acl map to remove it. This command
removes the mapping, but not the ACL.
For example, to clear the security ACL acljoe from a port, type the following commands:
WSS# show security acl map acljoe