DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing Security ACLs
configuration in the local database on the switch or on the RADIUS servers where packet
filters are authorized. To delete a security ACL from a user’s configuration on a RADIUS
server, see the documentation for your RADIUS server.
If you no longer need the security ACL, delete it from the configuration with the clear security acl and commit security acl commands. (See Clearing Security ACLs.)
Modifying a Security ACL
You can modify a security ACL in the following ways:
• Add another ACE to a security ACL, at the end of the ACE list. (See Adding Another ACE to a Security ACL.)
• Place an ACE before another ACE, so it is processed before subsequent ACEs, using the before editbuffer-index portion of the set security acl commands. (See Placing One ACE before Another.)
• Modify an existing ACE using the modify editbuffer-index portion of the set security acl commands. (See Modifying an Existing Security ACL.)
• Use the rollback command set to clear changes made to the security ACL edit buffer since the last time it was saved. The ACL is rolled back to its state at the last commit command. (See Clearing Security ACLs from the Edit Buffer.)
• Use the clear security acl map command to stop the filtering action of an ACL on a port, VLAN, or virtual port. (See Clearing a Security ACL Map.)
• Use clear security acl plus commit security acl to completely delete the ACL from the switch’s configuration. (See Clearing Security ACLs.)
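The difference between adding an ACE at the end of the list and placing it before another ACE can be checked offline with a small model. The following Python sketch is an added example, not code from this manual or from the switch software. It assumes that the first matching ACE decides the result, that a packet matching no ACE is denied, and that 0.0.0.255 is a wildcard mask whose set bits are ignored; the AclModel class, its method names, and the host 192.168.253.66 are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class AclModel:
    """Hypothetical model of an ordered ACE list; position 1 is checked first."""
    def __init__(self):
        self.aces = []  # each ACE: (action, source base address, wildcard mask)

    def append(self, action, base, wildcard):
        self.aces.append((action, base, wildcard))

    def insert_before(self, index, action, base, wildcard):
        # index is the 1-based position of the existing ACE to precede
        if not 1 <= index <= len(self.aces):
            raise IndexError("no ACE at position %d" % index)
        self.aces.insert(index - 1, (action, base, wildcard))

    def decide(self, src):
        """Return (action, matching position); first matching ACE wins (assumed)."""
        for pos, (action, base, wildcard) in enumerate(self.aces, start=1):
            if wildcard_match(src, base, wildcard):
                return action, pos
        return "deny", None  # assumed default when no ACE matches

PAGE_ACE = ("permit", "192.168.253.1", "0.0.0.255")  # ACE 1 of acl-violet on the page
HOST_DENY = ("deny", "192.168.253.66", "0.0.0.0")    # constructed sample ACE

def demo():
    appended = AclModel()
    appended.append(*PAGE_ACE)
    appended.append(*HOST_DENY)            # added at the end of the list
    placed = AclModel()
    placed.append(*PAGE_ACE)
    placed.insert_before(1, *HOST_DENY)    # placed before ACE 1
    return {
        "appended": appended.decide("192.168.253.66"),
        "placed": placed.decide("192.168.253.66"),
        "neighbour": placed.decide("192.168.253.7"),
        "outside": placed.decide("10.0.0.5"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model the deny ACE added at the end is never reached for its own host, because the broader permit ACE in position 1 matches first; placing it before ACE 1 makes it effective.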
Adding Another ACE to a Security ACL
The simplest way to modify a security ACL is to add another ACE. For example, suppose you wanted to modify an existing ACL named acl-violet. Follow these steps:
1. To display all committed security ACLs, type the following command:
DWS-1008# show security acl info all
ACL information for all
set security acl ip acl-violet (hits #2 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits
2. To add another ACE to the end of acl-violet, type the following command: