Configuring and Managing Security ACLs 369
Nortel WLAN Security Switch 2300 Series Configuration Guide
For example, to clear the security ACL acljoe from a port, type the following commands:
23x0# show security acl map acljoe
ACL acljoe is mapped to:
Port 4 In
23x0# clear security acl map acljoe port 4 in
success: change accepted.
After you clear the mapping between port 4 and ACL acljoe, the following is displayed when you enter show security
acl map:
23x0# show security acl map acljoe
ACL acljoe is mapped to:
Clearing a security ACL mapping does not stop the current filtering function if the ACL has other mappings. If the
security ACL is mapped to another port, a VLAN, a virtual port, or a Distributed AP, you must enter a clear security acl
map command to clear each map.
To stop the packet filtering of a user-based security ACL, you must modify the user’s configuration in the local database
on the WSS switch or on the RADIUS servers where packet filters are authorized. For information about deleting a
security ACL from a user’s configuration in the local WSS database, see “Clearing a Security ACL from a User or
Group” on page 453. To delete a security ACL from a user’s configuration on a RADIUS server, see the documentation
for your RADIUS server.
If you no longer need the security ACL, delete it from the configuration with the clear security acl and commit security
acl commands. (See “Clearing Security ACLs” on page 365.)
Modifying a Security ACL
You can modify a security ACL in the following ways:
• Add another ACE to a security ACL, at the end of the ACE list. (See “Adding Another ACE to a Security ACL” on
page 370.)
• Place an ACE before another ACE, so it is processed before subsequent ACEs, using the before editbuffer-index
portion of the set security acl commands. (See “Placing One ACE before Another” on page 371.)
• Modify an existing ACE using the modify editbuffer-index portion of the set security acl commands. (See
“Modifying an Existing Security ACL” on page 372.)
•Use the rollback command set to clear changes made to the security ACL edit buffer since the last time it was
saved. The ACL is rolled back to its state at the last commit command. (See “Clearing Security ACLs from the Edit
Buffer” on page 373.)
•Use the clear security acl map command to stop the filtering action of an ACL on a port, VLAN, or virtual port.
(See “Clearing a Security ACL Map” on page 368.)
•Use clear security acl plus commit security acl to completely delete the ACL from the WSS switch’s
configuration. (See “Clearing Security ACLs” on page 365.)
