DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing Security ACLs
configuration in the local database on the switch or on the RADIUS servers where packet
filters are authorized. To delete a security ACL from a user’s configuration on a RADIUS
server, see the documentation for your RADIUS server.
If you no longer need the security ACL, delete it from the configuration with the clear
security acl and commit security acl commands. (See Clearing Security ACLs.)
Modifying a Security ACL
You can modify a security ACL in the following ways:
• Add another ACE to a security ACL, at the end of the ACE list. (See Adding Another
ACE to a Security ACL.)
• Place an ACE before another ACE, so it is processed before subsequent ACEs,
using the before editbuffer-index portion of the set security acl commands. (See
Placing One ACE before Another.)
• Modify an existing ACE using the modify editbuffer-index portion of the set security
acl commands. (See Modifying an Existing Security ACL.)
• Use the rollback command set to clear changes made to the security ACL edit buffer
since the last time it was saved. The ACL is rolled back to its state at the last commit
command. (See Clearing Security ACLs from the Edit Buffer.)
• Use the clear security acl map command to stop the filtering action of an ACL on a
port, VLAN, or virtual port. (See Clearing a Security ACL Map.)
• Use clear security acl plus commit security acl to completely delete the ACL from
the switch’s configuration. (See Clearing Security ACLs.)
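The following Python model is an added example, not part of the D-Link manual or the switch software. It shows why the position of an ACE matters when choosing between adding at the end and using before editbuffer-index. It assumes the first matching ACE decides the packet and that unmatched traffic is denied; the deny ACE and the helper names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src):
    """Return (action, 1-based ACE index) for the first ACE matching src."""
    for index, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, base, wildcard):
            return action, index
    return "deny", None  # assumption: no match means the packet is denied

def add_ace(acl, ace, before=None):
    """Model of adding an ACE: append it, or insert it before a 1-based index."""
    new_acl = list(acl)
    if before is None:
        new_acl.append(ace)
    elif 1 <= before <= len(new_acl):
        new_acl.insert(before - 1, ace)
    else:
        raise ValueError("no ACE at index %d" % before)
    return new_acl

# ACE 1 of acl-violet as shown in the show security acl info all output.
ACL_VIOLET = [("permit", "192.168.253.1", "0.0.0.255")]
# Constructed ACE: block one host that falls inside the permitted range.
DENY_HOST = ("deny", "192.168.253.77", "0.0.0.0")

appended = add_ace(ACL_VIOLET, DENY_HOST)               # added at the end
placed_first = add_ace(ACL_VIOLET, DENY_HOST, before=1)  # placed before ACE 1

if __name__ == "__main__":
    for name, acl in (("appended", appended), ("placed_first", placed_first)):
        print(name, evaluate(acl, "192.168.253.77"))
```

In this model the appended deny never takes effect because the broader permit in ACE 1 matches first, which is the condition to check for when reviewing an ACL after adding an ACE.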
Adding Another ACE to a Security ACL
The simplest way to modify a security ACL is to add another ACE. For example, suppose
you wanted to modify an existing ACL named acl-violet. Follow these steps:
1. To display all committed security ACLs, type the following command:
DWS-1008# show security acl info all
ACL information for all
set security acl ip acl-violet (hits #2 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits
2. To add another ACE to the end of acl-violet, type the following command: