Operation Manual
Security ACL Commands
Mobility System Software Command Reference Guide
Version 7.3
15 – 396
Syntax
By source address
set security acl ip acl-name {permit [cos cos] | deny} {source-ip-addr mask | any}
[before editbuffer-index | modify editbuffer-index] [hits]
By Layer 4 protocol
set security acl ip acl-name {permit [cos cos] | deny} protocol-number
{source-ip-addr mask | any} {destination-ip-addr mask | any}
[[precedence precedence] [tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
By IP packets
set security acl ip acl-name {permit [cos cos] | deny} ip {source-ip-addr mask |
any} {destination-ip-addr mask | any}
[[precedence precedence] [tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
By ICMP packets
set security acl ip acl-name {permit [cos cos] | deny} icmp {source-ip-addr mask |
any} {destination-ip-addr mask | any} [type icmp-type] [code icmp-code]
[[precedence precedence] [tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
By TCP packets
set security acl ip acl-name {permit [cos cos] | deny} tcp {source-ip-addr mask |
any [operator port [port2]]} {destination-ip-addr mask | any [operator port
[port2]]} [[precedence precedence] [tos tos] | [dscp codepoint]] [established]
[before editbuffer-index | modify editbuffer-index] [hits]
By UDP packets
set security acl ip acl-name {permit [cos cos] | deny} udp {source-ip-addr mask |
any [operator port [port2]]} {destination-ip-addr mask | any [operator port
[port2]]} [[precedence precedence] [tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
By MAC address
set security acl name acl-name {permit | deny} mac {src-mac-address|src-mask|any}
[dest-mac-addr|any|bpdu 01:80:C2:00:00:0X|broadcast FF:FF:FF:FF:FF:FF|
multicast X1:XX:XX:XX:XX:XX|pvst 01:00:0C:CC:CC:CD] ethertype
[hex-value|any|arp|ipv4|ipv6] [editaction [before|modify]capture|hits]