552 CHAPTER 14: SECURITY ACL COMMANDS
Examples — The following commands show the edit buffer before a
rollback, clear any changes in the edit buffer to security acl_122, and
show the edit buffer after the rollback:
WX4400# display security acl info all editbuffer
ACL edit-buffer information for all
set security acl ip acl_122 (ACEs 3, add 3, del 0, modified 0)
---------------------------------------------------------
1. permit IP source IP 20.0.1.11 0.0.0.255 destination IP any enable-hits
2. deny IP source IP 20.0.2.11 0.0.0.0 destination IP any
3. deny SRC source IP 192.168.1.234 255.255.255.255 enable-hits
WX4400# rollback security acl acl_122
WX4400# display security acl info all editbuffer
ACL edit-buffer information for all
See Also
display security acl on page 542
set security acl
In the edit buffer, creates a security access control list (ACL), adds one
access control entry (ACE) to a security ACL, and/or reorders ACEs in the
ACL. The ACEs in an ACL filter IP packets by source IP address, a Layer 4
protocol, or IP, ICMP, TCP, or UDP packet information.
By source address
Syntax —
set security acl ip acl-name {permit [cos cos] | deny}
source-ip-addr mask [before editbuffer-index | modify
editbuffer-index] [hits]
By Layer 4 protocol
Syntax —
set security acl ip acl-name {permit [cos cos] | deny}
protocol-number {source-ip-addr mask destination-ip-addr
mask} [precedence precedence] [tos tos] [before
editbuffer-index | modify editbuffer-index] [hits]
By IP packets
Syntax —
set security acl ip acl-name {permit [cos cos] | deny}
ip {source-ip-addr mask destination-ip-addr mask} [precedence
precedence] [tos tos] [before editbuffer-index | modify
editbuffer-index] [hits]
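The following Python model is an added example, not code from this manual or from the switch software. It shows why ACE order in the edit buffer matters and what the before and modify options and the rollback command change. Assumptions: masks are wildcard masks (a 0 bit must match, as the 0.0.0.0 host entry in the output above suggests), the first matching ACE decides, and a new ACE is appended unless before or modify is given; the names EditBuffer, set_ace, decide, and wildcard_match are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, mask):
    """True if addr equals base on every bit where the wildcard mask bit is 0."""
    a, b, m = (int(ipaddress.IPv4Address(x)) for x in (addr, base, mask))
    care = ~m & 0xFFFFFFFF
    return (a & care) == (b & care)

class EditBuffer:
    """Hypothetical model of one ACL's edit buffer; indexes are 1-based."""
    def __init__(self, committed=()):
        self.committed = list(committed)  # ACEs already committed
        self.aces = list(committed)       # uncommitted working copy

    def set_ace(self, action, src, mask, before=None, modify=None):
        ace = (action, src, mask)
        if modify is not None:
            self.aces[modify - 1] = ace        # replace the ACE at that index
        elif before is not None:
            self.aces.insert(before - 1, ace)  # place ahead of that index
        else:
            self.aces.append(ace)              # assumption: default is append

    def rollback(self):
        self.aces = list(self.committed)       # drop uncommitted changes

    def decide(self, src):
        """Assumption: first matching ACE decides; None if nothing matches."""
        for index, (action, base, mask) in enumerate(self.aces, start=1):
            if wildcard_match(src, base, mask):
                return index, action
        return None

def demo():
    buf = EditBuffer()  # constructed input modeled on the three ACEs shown above
    buf.set_ace("permit", "20.0.1.11", "0.0.0.255")
    buf.set_ace("deny", "20.0.2.11", "0.0.0.0")
    buf.set_ace("deny", "192.168.1.234", "255.255.255.255")
    out = {h: buf.decide(h) for h in ("20.0.1.77", "20.0.2.11", "10.9.8.7")}
    buf.set_ace("deny", "20.0.1.50", "0.0.0.0")            # appended as ACE 4
    out["shadowed"] = buf.decide("20.0.1.50")              # ACE 1 still wins
    buf.set_ace("deny", "20.0.1.50", "0.0.0.0", before=1)  # reordered ahead
    out["reordered"] = buf.decide("20.0.1.50")
    buf.rollback()
    out["after_rollback"] = (len(buf.aces), buf.decide("20.0.1.77"))
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Under these assumptions, a wildcard mask of 255.255.255.255 ignores every address bit, so the third ACE matches any source that the first two did not.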