
set security acl map 385
The following command adds an ACE to acl_123 that denies packets
from IP address 192.168.2.11:
WX4400# set security acl ip acl_123 deny 192.168.2.11 0.0.0.0
The following command creates acl_125 by defining an ACE that denies
TCP packets from source IP address 192.168.0.1 to destination IP address
192.168.0.2 for established sessions only, and counts the hits:
WX4400# set security acl ip acl_125 deny tcp 192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits
The following command adds an ACE to acl_125 that denies TCP packets
from source IP address 192.168.1.1 to destination IP address
192.168.1.2, on destination port 80 only, and counts the hits:
WX4400# set security acl ip acl_125 deny tcp 192.168.1.1 0.0.0.0 192.168.1.2 0.0.0.0 eq 80 hits
Finally, the following command commits the security ACLs in the edit
buffer to the configuration:
WX4400# commit security acl all
configuration accepted
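Added example, not part of the original manual: a small Python model of how the three ACEs above match packets, useful for checking what a rule will and will not catch before committing it. It assumes first-match evaluation, a wildcard mask in which 0 bits must match (so 0.0.0.0 selects one host), and that established means the ACK or RST flag is set; Ace, wild_match, evaluate and the packet dictionaries are hypothetical names, and the handling of traffic that no ACE matches is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wild_match(addr, base, mask):
    # Assumed wildcard-mask semantics: 0 bits must match, 1 bits are ignored.
    a, b, m = (int(ipaddress.IPv4Address(x)) for x in (addr, base, mask))
    return (a & ~m) == (b & ~m)

@dataclass
class Ace:
    action: str
    src: str
    src_mask: str
    proto: str = "ip"                  # "ip" matches any IP protocol
    dst: str = "0.0.0.0"
    dst_mask: str = "255.255.255.255"  # default: any destination
    dst_port: Optional[int] = None     # models "eq <port>"
    established: bool = False          # models the "established" keyword
    count_hits: bool = False           # models the "hits" keyword
    hits: int = 0

    def matches(self, pkt):
        # Assumption: "established" means ACK or RST is set (not an opening SYN).
        est_ok = not self.established or bool({"ACK", "RST"} & pkt.get("flags", set()))
        return (self.proto in ("ip", pkt["proto"])
                and wild_match(pkt["src"], self.src, self.src_mask)
                and wild_match(pkt["dst"], self.dst, self.dst_mask)
                and self.dst_port in (None, pkt.get("dport"))
                and est_ok)

def evaluate(acl, pkt):
    """Return the action of the first matching ACE, or None if none matches."""
    for ace in acl:
        if ace.matches(pkt):
            if ace.count_hits:
                ace.hits += 1
            return ace.action
    return None

# The three ACEs from the commands above, transcribed into the model.
acl_123 = [Ace("deny", "192.168.2.11", "0.0.0.0")]
acl_125 = [
    Ace("deny", "192.168.0.1", "0.0.0.0", "tcp", "192.168.0.2", "0.0.0.0",
        established=True, count_hits=True),
    Ace("deny", "192.168.1.1", "0.0.0.0", "tcp", "192.168.1.2", "0.0.0.0",
        dst_port=80, count_hits=True),
]
```

In this model the established ACE leaves an opening SYN from 192.168.0.1 unmatched, and the eq 80 ACE leaves port 443 traffic from 192.168.1.1 unmatched.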
See Also
■ “clear security acl” on page 366
■ “commit security acl” on page 369
■ “display security acl” on page 370
set security acl map
Assigns a committed security ACL to a VLAN, physical port or ports,
virtual port, or Distributed MAP on the WX switch.
To assign a security ACL to a user or group in the local WX database, use
the command set user attr, set mac-user attr, set usergroup attr, or
set mac-usergroup attr with the Filter-Id attribute. To assign a security
ACL to a user or group with Filter-Id on a RADIUS server, see the
documentation for your RADIUS server.