Specifications

Firewall Configuration 397
Chapter 18
Enter rules in the order you wish them to be applied.
If you wish to change the position of a rule in the list, use the position option
to move the rule to a specific line.

(Alcatel) (config-sess-foo-acl)# user alias Int_net svc-dhcp permit
(Alcatel) (config-sess-foo-acl)# user alias Int_net svc-dns permit
(Alcatel) (config-sess-foo-acl)# user any svc-http permit
(Alcatel) (config-sess-foo-acl)# user any svc-https permit
(Alcatel) (config-sess-foo-acl)# user any svc-ike permit
(Alcatel) (config-sess-foo-acl)# user any any deny
(Alcatel) (config-sess-foo-acl)# user any svc-ike permit position 3

Use the show access-list <aclName> command from the CLI to view a specific
firewall policy.
Use the show access-list brief command to see a listing of the current ACLs.

(Alcatel) (config) #show access-list brief
Access list table
-----------------
Name               Type     Use Count  Roles
----               ----     ---------  -----
control            session  4          logon ap-role stateful guest
captiveportal      session  1          logon
allowall           session  1          trusted-ap
vpnlogon           session  1          logon
cplogout           session  1          guest
guest              session  0
stateful-dot1x     session  0
ap-acl             session  1          ap-role
stateful-kerberos  session  0

Applying Policies to Physical Ports

Add a policy to a specific port from the CLI using the interface fastethernet
mode commands.
Enter the config-if mode.

(Alcatel) (config) #interface fastethernet 1/22
(Alcatel) (config-if)#
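
The rule ordering and the position option described in this section can be checked offline with a small model of the foo ACL. This is an added example, not code from the manual or the switch software. It assumes first-match evaluation, well-known ports for the svc-* names, and a constructed 10.0.0.0/8 range for the Int_net alias; all function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Assumptions: well-known ports for the svc-* names; Int_net is a constructed range.
SERVICES = {"svc-dhcp": ("udp", range(67, 69)), "svc-dns": ("udp", range(53, 54)),
            "svc-http": ("tcp", range(80, 81)), "svc-https": ("tcp", range(443, 444)),
            "svc-ike": ("udp", range(500, 501))}
ALIASES = {"Int_net": ip_network("10.0.0.0/8")}


def add_rule(acl, dest, service, action, position=None):
    """Append a rule, or place/move it to a 1-based line when position is given."""
    rule = (dest, service, action)
    if rule in acl:
        acl.remove(rule)                      # re-entering an existing rule moves it
    acl.insert(len(acl) if position is None else position - 1, rule)


def covers(rule, dst_ip, proto, port):
    """True when the rule's destination and service both match the packet."""
    dest, service, _ = rule
    dest_ok = dest == "any" or ip_address(dst_ip) in ALIASES[dest]
    svc_ok = service == "any" or (SERVICES[service][0] == proto and port in SERVICES[service][1])
    return dest_ok and svc_ok


def evaluate(acl, dst_ip, proto, port):
    """First match wins (model assumption); returns (1-based line, action)."""
    for line, rule in enumerate(acl, start=1):
        if covers(rule, dst_ip, proto, port):
            return line, rule[2]
    return None, "deny"                       # assumed default when nothing matches


def shadowed(acl):
    """Lines that can never match because an earlier 'any any' rule catches everything."""
    for line, (dest, service, _) in enumerate(acl, start=1):
        if dest == "any" and service == "any":
            return list(range(line + 1, len(acl) + 1))
    return []


def build_foo_acl():
    """Replay the seven commands from the listing, in the order they were entered."""
    acl = []
    for dest, svc, action in [("Int_net", "svc-dhcp", "permit"), ("Int_net", "svc-dns", "permit"),
                              ("any", "svc-http", "permit"), ("any", "svc-https", "permit"),
                              ("any", "svc-ike", "permit"), ("any", "any", "deny")]:
        add_rule(acl, dest, svc, action)
    add_rule(acl, "any", "svc-ike", "permit", position=3)   # last command in the listing
    return acl
```

Running shadowed() on a rule list before applying it flags any permit entered after the closing deny without a position, which in this model would never be reached.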