DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing Security ACLs
Mapping Target                        Commands
User authenticated by a password      set user username attr filter-id acl-name.in
                                      set user username attr filter-id acl-name.out
User authenticated by a MAC address   set mac-user username attr filter-id acl-name.in
                                      set mac-user username attr filter-id acl-name.out
When assigned the Filter-Id attribute, an authenticated user with a current session receives
packets based on the security ACL. For example, to restrict incoming packets for Natasha to
those specified in acl-222, type the following command:
DWS-1008# set user Natasha attr filter-id acl-222.in
success: change accepted.
Mapping Security ACLs to Ports, VLANs, Virtual Ports, or Distributed APs
Security ACLs can be mapped to ports, VLANs, virtual ports, and Distributed APs. Use the
following command:
set security acl map acl-name {vlan vlan-id | port port-list [tag tag-value] | dap dap-num} {in | out}
Specify the name of the ACL, the port, VLAN, tag value(s) of the virtual port, or the number
of the Distributed AP to which the ACL is to be mapped, and the direction for packet filtering.
For virtual ports or Distributed APs, you can specify a single value, a comma-separated list of
values, a hyphen-separated range, or any combination, with no spaces. For example, to map
security ACL acl-222 to virtual ports 1 through 3 and 5 on port 2 to filter incoming packets, type
the following command:
DWS-1008# set security acl map acl-222 port 2 tag 1-3,5 in
success: change accepted.
Plan your security ACL maps to ports, VLANs, virtual ports, and Distributed APs so that only
one security ACL filters a flow of packets. If more than one security ACL filters the same
traffic, you cannot guarantee the order in which the ACE rules are applied.
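
An added example, not part of the D-Link manual: a small Python audit that expands the tag and Distributed AP list syntax described above and reports every target and direction to which more than one security ACL is mapped. It assumes port-list accepts the same list syntax, compares only identical targets (a port mapping against a VLAN mapping cannot be judged without knowing VLAN membership), and runs on a constructed sample in which acl-333 is a made-up name.

```python
import re
from collections import defaultdict

# Matches the "set security acl map" syntax shown in the manual.
MAP_RE = re.compile(
    r"set security acl map (?P<acl>\S+) "
    r"(?:vlan (?P<vlan>\S+)|port (?P<port>\S+)(?: tag (?P<tag>\S+))?|dap (?P<dap>\S+)) "
    r"(?P<dir>in|out)$"
)

def expand(spec):
    """Expand a list such as '1-3,5' into [1, 2, 3, 5]."""
    values = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        values.extend(range(int(lo), int(hi or lo) + 1))
    return values

def targets(m):
    """Yield one (kind, id, tag) tuple per filtering point a command covers."""
    if m["vlan"]:
        yield ("vlan", m["vlan"], None)
    elif m["dap"]:
        for d in expand(m["dap"]):
            yield ("dap", d, None)
    else:
        tags = expand(m["tag"]) if m["tag"] else [None]
        for p in expand(m["port"]):  # assumption: port-list uses the same syntax
            for t in tags:
                yield ("port", p, t)

def find_conflicts(commands):
    """Return {(target, direction): [acl, ...]} where more than one ACL is mapped."""
    seen = defaultdict(list)
    for line in commands:
        m = MAP_RE.match(line.strip())
        if not m:
            raise ValueError("unrecognized map command: %r" % line)
        for tgt in targets(m):
            if m["acl"] not in seen[(tgt, m["dir"])]:
                seen[(tgt, m["dir"])].append(m["acl"])
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample configuration (acl-333 is a made-up name).
SAMPLE = [
    "set security acl map acl-222 port 2 tag 1-3,5 in",
    "set security acl map acl-333 port 2 tag 3-4 in",
    "set security acl map acl-333 port 2 tag 5 out",
]
```

Calling find_conflicts(SAMPLE) reports virtual port 3 on port 2 in the incoming direction, the one point where two ACLs would filter the same flow.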