set security acl map 557
The following command adds an ACE to acl_123 that denies packets
from IP address 192.168.2.11:
WX4400# set security acl ip acl_123 deny 192.168.2.11
0.0.0.0
The following command creates acl_125 by defining an ACE that denies
TCP packets from source IP address 192.168.0.1 to destination IP address
192.168.0.2 for established sessions only, and counts the hits:
WX4400# set security acl ip acl_125 deny tcp
192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits
The following command adds an ACE to acl_125 that denies TCP packets
from source IP address 192.168.1.1 to destination IP address
192.168.1.2, on destination port 80 only, and counts the hits:
WX4400# set security acl ip acl_125 deny tcp
192.168.1.1 0.0.0.0 192.168.1.2 0.0.0.0 eq 80 hits
Finally, the following command commits the security ACLs in the edit
buffer to the configuration:
WX4400# commit security acl all
configuration accepted
See Also
clear security acl on page 538
commit security acl on page 541
display security acl on page 542
set security acl map Assigns a committed security ACL to a VLAN, physical port or ports,
virtual port, or Distributed MAP on the WX switch.
To assign a security ACL to a user or group in the local WX database, use
the command set user attr, set mac-user attr, set usergroup attr, or
set mac-usergroup attr with the Filter-Id attribute. To assign a security
ACL to a user or group with Filter-Id on a RADIUS server, see the
documentation for your RADIUS server.