246
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing Security ACLs
DWS-1008#
set security acl ip acl-violet permit 192.168.123.11 0.0.0.255 hits
3.
To commit the updated security ACL
acl-violet
, type the following command:
DWS-1008#
commit security acl acl-violet
success: change accepted.
4.
To display the updated
acl-violet
, type the following command:
DWS-1008#
show security acl info all
ACL information for all
set security acl ip acl-violet (hits #2 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits
2. permit IP source IP 192.168.123.11 0.0.0.255 destination IP any enable-hits
Placing One ACE before Another
You can use the
before
editbuffer-index
portion of the
set security acl
command to place a
new ACE before an existing ACE. For example, suppose you want to deny some traffic from
IP address 192.168.254.12 in
acl-111
. Follow these steps:
1.
To display all committed security ACLs, type the following command:
DWS-1008#
show security acl info all
ACL information for all
set security acl ip acl-111 (hits #4 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP
192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits
2.
To add the deny ACE to
acl-111
and place it first, type the following commands:
DWS-1008#
set security acl ip acl-111 deny 192.168.254.12 0.0.0.255 before 1
DWS-1008#
commit security acl acl-111
success: change accepted.
3.
To view the results, type the following command:
Summary of Contents for DWS-1008
Page 1: ......