Specifications

RoamAbout Mobility System Software Command Line Reference 14-9
set security acl
In the edit buffer, creates a security access control list (ACL), adds one access control entry (ACE)
to a security ACL, and/or reorders ACEs in the ACL. The ACEs in an ACL filter IP packets by
source IP address, a Layer 4 protocol, or IP, ICMP, TCP, or UDP packet information.
Syntax
By source address:
set security acl ip acl-name {permit [cos cos] | deny} source-ip-addr mask
[before editbuffer-index | modify editbuffer-index] [hits]
By Layer 4 protocol:
set security acl ip acl-name {permit [cos cos] | deny} protocol-number
{source-ip-addr mask destination-ip-addr mask} [precedence precedence] [tos tos]
[before editbuffer-index | modify editbuffer-index] [hits]
By IP packets:
set security acl ip acl-name {permit [cos cos] | deny} ip {source-ip-addr mask
destination-ip-addr mask} [precedence precedence] [tos tos]
[before editbuffer-index | modify editbuffer-index] [hits]
By ICMP packets:
set security acl ip acl-name {permit [cos cos] | deny} icmp {source-ip-addr mask
destination-ip-addr mask} [type icmp-type] [code icmp-code]
[precedence precedence] [tos tos]
[before editbuffer-index | modify editbuffer-index] [hits]
By TCP packets:
set security acl ip acl-name {permit [cos cos] | deny} tcp {source-ip-addr mask
[operator port [port2]] destination-ip-addr mask [operator port [port2]]}
[precedence precedence] [tos tos] [established]
[before editbuffer-index | modify editbuffer-index] [hits]
By UDP packets:
set security acl ip acl-name {permit [cos cos] | deny} udp {source-ip-addr mask
[operator port [port2]] destination-ip-addr mask [operator port [port2]]}
[precedence precedence] [tos tos]
[before editbuffer-index | modify editbuffer-index] [hits]
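
The following is an added example, not part of the original reference or of the product: a small Python helper that renders ACE command lines in the option order shown in the syntax forms above and rejects combinations those forms do not allow (cos after deny, established outside the tcp form, type/code outside the icmp form, before together with modify). The function name build_ace, the ACL name, and all addresses and masks are constructed placeholders; the port clauses ([operator port [port2]]) are left out because this section does not list the operator keywords.

```python
import ipaddress

KEYWORD_PROTOS = {"ip", "icmp", "tcp", "udp"}

def _pair(addr_mask):
    """Render an (address, mask) tuple; both must be dotted-decimal IPv4."""
    addr, mask = addr_mask
    ipaddress.IPv4Address(addr)  # ValueError on malformed input
    ipaddress.IPv4Address(mask)
    return f"{addr} {mask}"

def build_ace(acl_name, action, src, dst=None, proto=None, *, cos=None,
              icmp_type=None, icmp_code=None, precedence=None, tos=None,
              established=False, before=None, modify=None, hits=False):
    """Return one command line (hypothetical helper, not part of the CLI)."""
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    if cos is not None and action != "permit":
        raise ValueError("cos is only valid after permit")
    if before is not None and modify is not None:
        raise ValueError("before and modify are alternatives")
    l4_opts = (dst, icmp_type, icmp_code, precedence, tos)
    parts = ["set security acl ip", acl_name, action]
    if cos is not None:
        parts += ["cos", str(cos)]
    if proto is None:  # "By source address" form: source and mask only
        if established or any(o is not None for o in l4_opts):
            raise ValueError("source-address form takes no Layer 4 options")
        parts.append(_pair(src))
    else:
        numeric = isinstance(proto, int) and 0 <= proto <= 255
        if proto not in KEYWORD_PROTOS and not numeric:
            raise ValueError("proto must be ip, icmp, tcp, udp or 0-255")
        if dst is None:
            raise ValueError("protocol forms need a destination and mask")
        if proto != "icmp" and (icmp_type is not None or icmp_code is not None):
            raise ValueError("type/code appear only in the icmp form")
        if established and proto != "tcp":
            raise ValueError("established appears only in the tcp form")
        parts += [str(proto), _pair(src), _pair(dst)]
        for key, val in (("type", icmp_type), ("code", icmp_code),
                         ("precedence", precedence), ("tos", tos)):
            if val is not None:
                parts += [key, str(val)]
        if established:
            parts.append("established")
    for key, val in (("before", before), ("modify", modify)):
        if val is not None:
            parts += [key, str(val)]
    return " ".join(parts + (["hits"] if hits else []))
```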