Specifications
Modifying a Security ACL
RoamAbout Mobility System Software Configuration Guide 15-17
ACL information for all
set security acl ip acl-violet (hits #2 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-
hits
2. permit IP source IP 192.168.123.11 0.0.0.255 destination IP any enable-
hits
Placing One ACE before Another
Youcanusethebeforeeditbuffer‐indexportionofthesetsecurityaclcommandtoplaceanewACE
beforeanexistingACE.
Example
Forexample,supposeyouwanttodenysometrafficfromIPaddress192.168.254.12inacl‐111.
Followthesesteps:
1. TodisplayallcommittedsecurityACLs,typethefollowingcommand:
RBT-8100# show security acl info
ACL information for all
set security acl ip acl-111 (hits #4 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP
192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits
2. ToaddthedenyACEtoacl‐111andplaceitfirst,typethefollowingcommands:
RBT-8100# set security acl ip acl-111 deny 192.168.254.12 0.0.0.255 before 1
RBT-8100# commit security acl acl-111
success: change accepted.
3. Toviewtheresults,typethefollowingcommand:
RBT-8100# show security acl info
ACL information for all
set security acl ip acl-111 (hits #4 0)
----------------------------------------------------
1. deny IP source IP 192.168.254.12 0.0.0.255 destination IP any
2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP
192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits