Command Reference Guide

3Com Router 5000 Family and Router 6000 Family Command Reference
security acl
Purpose Use the security acl command to set the access control list used by the
IPSec policy and to specify the data stream protection mode.
Use the undo security acl command to remove the access control list used by
the IPSec policy.
Syntax security acl acl-number [ aggregation | per-session ]
undo security acl
Parameters acl-number
Specifies the number of the access control list used by
the ipsec policy. Valid values are 3000 to 3999.
aggregation
Specifies the data stream protection mode of the IPSec
policy to be the aggregation mode.
per-session
Specifies the data stream protection mode of the IPSec
policy to be the per-session mode, which is supported
only by isakmp negotiation mode.
Default By default, no ACL is specified for an IPSec policy. If neither the aggregation
mode nor the per-session mode is specified when this command is executed, the default
data protection mode, i.e. the standard mode, is used to establish a tunnel for each
data stream defined in the ACL.
Example Configure the IPSec policy to use access control list 3001, with aggregation as
the data protection mode.
[3Com] acl number 3001
[3Com-acl-adv-3001] rule permit tcp source 10.1.1.1 0.0.0.255 destination 10.1.1.2 0.0.0.255
[3Com] ipsec policy beijing 100 manual
[3Com-ipsec-policy-manual-beijing-100] security acl 3001 aggregation
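The constraints this entry states (ACL numbers 3000 to 3999, per-session only with isakmp negotiation, no ACL by default) can be checked against a saved configuration. The following Python audit is an added example, not 3Com code; the indented configuration layout, the isakmp keyword on the ipsec policy line, and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration (not from the page). The indented layout and
# the "isakmp" keyword on the policy line are assumptions.
SAMPLE = """\
ipsec policy beijing 100 manual
 security acl 3001 aggregation
ipsec policy beijing 200 manual
 security acl 3002 per-session
ipsec policy shanghai 10 isakmp
 security acl 2001 per-session
ipsec policy shanghai 20 isakmp
"""

POLICY = re.compile(r"^ipsec policy (\S+) (\d+) (manual|isakmp)\s*$")
SEC_ACL = re.compile(r"^\s+security acl (\d+)(?: (aggregation|per-session))?\s*$")

def audit(config):
    """Return (policy, seq, finding) tuples for each rule the config violates."""
    findings, current = [], None

    def close(policy):
        # Default per the page: no ACL is specified for an IPSec policy.
        if policy and not policy["has_acl"]:
            findings.append((policy["name"], policy["seq"], "no security acl configured"))

    for line in config.splitlines():
        m = POLICY.match(line)
        if m:
            close(current)
            current = {"name": m[1], "seq": int(m[2]), "mode": m[3], "has_acl": False}
            continue
        m = SEC_ACL.match(line)
        if m and current:
            current["has_acl"] = True
            acl, protect = int(m[1]), m[2] or "standard"  # no keyword means standard mode
            if not 3000 <= acl <= 3999:
                findings.append((current["name"], current["seq"], f"acl {acl} outside 3000-3999"))
            if protect == "per-session" and current["mode"] != "isakmp":
                findings.append((current["name"], current["seq"], "per-session requires isakmp negotiation"))
        elif line and not line[0].isspace():
            close(current)  # an unindented line ends the policy view
            current = None
    close(current)
    return findings

if __name__ == "__main__":
    for name, seq, finding in audit(SAMPLE):
        print(f"ipsec policy {name} {seq}: {finding}")
```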
View This command can be used in the following views:
IPSec Policy view
IPSec Policy Template view
Description IPSec protects the data flows that match the specified ACL in three modes:
Standard mode: Establishes a tunnel according to each specified ACL rule to protect the packets that match the ACL.
Aggregation mode: Establishes a tunnel to protect all data flows that match the ACL.