DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing Security ACLs
Mapping Target                         Commands
User authenticated by a password       set user username attr filter-id acl-name.in
                                       set user username attr filter-id acl-name.out
User authenticated by a MAC address    set mac-user username attr filter-id acl-name.in
                                       set mac-user username attr filter-id acl-name.out
When assigned the Filter-Id attribute, an authenticated user with a current session receives
packets based on the security ACL. For example, to restrict incoming packets for Natasha to
those specified in acl-222, type the following command:
DWS-1008# set user Natasha attr filter-id acl-222.in
success: change accepted.
Mapping Security ACLs to Ports, VLANs, Virtual Ports, or Distributed APs
Security ACLs can be mapped to ports, VLANs, virtual ports, and Distributed APs. Use the
following command:
set security acl map acl-name {vlan vlan-id | port port-list [tag tag-value] | dap dap-num} {in | out}
Specify the name of the ACL, the port, VLAN, tag value(s) of the virtual port, or the number
of the Distributed AP to which the ACL is to be mapped, and the direction for packet filtering.
For virtual ports or Distributed APs, you can specify a single value, a comma-separated list of
values, a hyphen-separated range, or any combination, with no spaces. For example, to map
security ACL acl-222 to virtual ports 1 through 3 and 5 on port 2 to filter incoming packets, type
the following command:
DWS-1008# set security acl map acl-222 port 2 tag 1-3,5 in
success: change accepted.
Plan your security ACL maps to ports, VLANs, virtual ports, and Distributed APs so that only
one security ACL filters a flow of packets. If more than one security ACL filters the same
traffic, you cannot guarantee the order in which the ACE rules are applied.
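One way to check a planned set of map commands against this rule before entering them is shown below. This is an added example, not part of the D-Link manual or the switch software. It assumes port-list accepts the same list and range syntax as tag values, and it only compares identical targets in the same direction; acl-guest and the sample plan are constructed.

```python
import re
from collections import defaultdict

MAP_RE = re.compile(
    r"^set security acl map (?P<acl>\S+) "
    r"(?:vlan (?P<vlan>\S+)|port (?P<port>\S+)(?: tag (?P<tag>\S+))?|dap (?P<dap>\S+)) "
    r"(?P<dir>in|out)$")

def expand(spec):
    """Expand '1-3,5' (single value, list, range, or a mix, no spaces) to [1, 2, 3, 5]."""
    values = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi:
            raise ValueError(f"reversed range: {part}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def targets(line):
    """Return (acl-name, [(kind, id, tag, direction), ...]) for one map command."""
    m = MAP_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a map command: {line!r}")
    if m["vlan"]:
        keys = [("vlan", m["vlan"], None)]
    elif m["dap"]:
        keys = [("dap", n, None) for n in expand(m["dap"])]
    else:  # assumption: port-list uses the same list/range syntax as tag values
        tags = expand(m["tag"]) if m["tag"] else [None]
        keys = [("port", p, t) for p in expand(m["port"]) for t in tags]
    return m["acl"], [k + (m["dir"],) for k in keys]

def find_conflicts(lines):
    """Return every target+direction that has more than one ACL mapped to it."""
    seen = defaultdict(set)
    for line in lines:
        acl, keys = targets(line)
        for k in keys:
            seen[k].add(acl)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample plan; acl-guest is a hypothetical ACL name.
PLAN = [
    "set security acl map acl-222 port 2 tag 1-3,5 in",
    "set security acl map acl-guest port 2 tag 3-4 in",  # both ACLs hit tag 3, inbound
    "set security acl map acl-guest port 2 tag 5 out",   # other direction, no clash
]
if __name__ == "__main__":
    print(find_conflicts(PLAN))
```

Overlap between different target kinds, such as a port map and a VLAN map that carry the same traffic, or a user's Filter-Id ACL, depends on the network layout and is not detected here.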