Hub/Switch Reference Guide
464 Security ACL Commands
NN47250-100 (Version 02.51)
set security acl
In the edit buffer, creates a security access control list (ACL), adds one access control entry (ACE) to a security ACL,
and/or reorders ACEs in the ACL. The ACEs in an ACL filter IP packets by source IP address, a Layer 4 protocol, or IP,
ICMP, TCP, or UDP packet information.
Syntax
By source address
set security acl ip acl-name {permit [cos cos] | deny} {source-ip-addr mask | any}
[before editbuffer-index | modify editbuffer-index] [hits]
By Layer 4 protocol
set security acl ip acl-name {permit [cos cos] | deny} protocol-number
{source-ip-addr mask | any} {destination-ip-addr mask | any}
[[precedence precedence][tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
By IP packets
set security acl ip acl-name {permit [cos cos] | deny} ip {source-ip-addr mask | any}
{destination-ip-addr mask | any} [[precedence precedence][tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
By ICMP packets
set security acl ip acl-name {permit [cos cos] | deny} icmp {source-ip-addr mask | any}
{destination-ip-addr mask | any} [type icmp-type][code icmp-code]
[[precedence precedence][tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
By TCP packets
set security acl ip acl-name {permit [cos cos] | deny}
tcp {source-ip-addr mask | any [operator port [port2]]} {destination-ip-addr mask | any
[operator port [port2]]} [[precedence precedence][tos tos] | [dscp codepoint]]
[established] [before editbuffer-index | modify editbuffer-index] [hits]
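The following is an added example, not code from this guide or its vendor: a pre-deployment check that flags ACE commands violating the alternations in the syntax forms above (cos only after permit, dscp versus precedence/tos, before versus modify, and keywords tied to one form). The function name lint_ace, the ACL name acl-1 and all numeric values are assumptions made for illustration.

```python
def lint_ace(line):
    """Return the syntax problems found in one ACE command (empty list if none)."""
    tok = line.split()
    if tok[:4] != ["set", "security", "acl", "ip"] or len(tok) < 7:
        return ["not a complete 'set security acl ip acl-name ...' command"]
    action, rest, problems = tok[5], tok[6:], []
    if action not in ("permit", "deny"):
        problems.append("action must be permit or deny")
    # {permit [cos cos] | deny}: cos may only directly follow permit
    if rest[:1] == ["cos"]:
        if action != "permit":
            problems.append("cos is only valid after permit")
        rest = rest[2:]
    elif "cos" in rest:
        problems.append("cos must directly follow permit")
    if not rest:
        return problems + ["missing match criteria"]
    head = rest[0]
    if head == "udp":
        return problems + ["udp form is not shown above; not checked"]
    form = head if head in ("ip", "icmp", "tcp") else (
        "protocol-number" if head.isdigit() else "source-address")
    words = set(rest)
    # [[precedence precedence][tos tos] | [dscp codepoint]]
    if "dscp" in words and words & {"precedence", "tos"}:
        problems.append("dscp cannot be combined with precedence or tos")
    if form == "source-address" and words & {"precedence", "tos", "dscp"}:
        problems.append("source-address form takes no precedence/tos/dscp")
    if form != "icmp" and words & {"type", "code"}:
        problems.append("type and code belong to the icmp form")
    if form != "tcp" and "established" in words:
        problems.append("established belongs to the tcp form")
    # [before editbuffer-index | modify editbuffer-index]
    if {"before", "modify"} <= words:
        problems.append("before and modify are mutually exclusive")
    for kw in ("before", "modify"):
        if kw in rest and not "".join(rest[rest.index(kw) + 1:][:1]).isdigit():
            problems.append(kw + " needs a numeric editbuffer-index")
    return problems

# Constructed sample commands; acl-1 and all numeric values are placeholders.
SAMPLES = [
    "set security acl ip acl-1 permit cos 2 tcp any any established before 1 hits",
    "set security acl ip acl-1 deny cos 2 ip any any dscp 46 tos 4",
    "set security acl ip acl-1 permit icmp any any established before 1 modify 2",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(lint_ace(s) or "ok", "<-", s)
```

The check covers only the alternations visible in the syntax lines; it does not validate addresses, masks or value ranges.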










