Operation Manual

Security ACL Commands
Mobility System Software Command Reference Guide
Version 7.3
15 – 400
set security acl map
Assigns a committed security ACL to a VLAN, physical port or ports, virtual port, or Distributed
MP on the MX switch.
Syntax
set security acl map acl-name {vlan vlan-id | port port-list [tag tag-list] | ap apnum} {in | out}

acl-name
    Name of an existing security ACL to map. ACL names start with a letter and are case-insensitive.
vlan vlan-id
    VLAN name or number. MSS assigns the security ACL to the specified VLAN.
port port-list
    Port list. MSS assigns the security ACL to the specified physical MX port or ports.
tag tag-list
    One or more values that identify a virtual port in a VLAN. Specify a single tag value from 1 through 4095. Or specify a comma-separated list of values, a hyphen-separated range, or any combination, with no spaces. MSS assigns the security ACL to the specified virtual port or ports.
ap apnum
    One or more MPs, based on their connection IDs. Specify a single connection ID, or specify a comma-separated list of connection IDs, a hyphen-separated range, or any combination, with no spaces. MSS assigns the security ACL to the specified MPs.
in
    Assigns the security ACL to traffic coming into the MX.
out
    Assigns the security ACL to traffic coming from the MX.

Defaults
None.
Access
Enabled.
History
MSS Version 1.0
    Command introduced.
MSS Version 1.1
    Keyword and variable tag tag-list added to allow security ACL mapping to virtual ports.
    ACL names changed from case-sensitive to case-insensitive.
MSS Version 2.0
    Keyword and variable dap dap-num added to allow security ACL mapping to Distributed MPs.
Usage
Before you can map a security ACL, you must use the commit security acl command to
save the ACL in the running configuration and nonvolatile storage.
For best results, map only one input security ACL and one output security ACL to each VLAN,
physical port, virtual port, or Distributed MP to filter a flow of packets. If more than one security
ACL filters the same traffic, MSS applies only the first ACL match and ignores any other
matches.
Examples
The following command maps security ACL acl_133 to port 4 for incoming packets:
MX set security acl map acl_133 port 4 in
success: change accepted.
See Also
clear security acl map on page 15-393
commit security acl on page 15-394
Note:
To assign a security ACL to a user or group in the local MX database, use the
command set user attr, set mac-user attr, set usergroup attr, or set
mac-usergroup attr with the Filter-Id attribute. To assign a security ACL to a user
or group with Filter-Id on a RADIUS server, see the documentation for your RADIUS
server.
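
The Usage guidance above recommends one input and one output security ACL per VLAN, port, virtual port, or MP. The following Python script is an added example, not part of the original manual or of MSS: it reads saved set security acl map lines and reports every target that has more than one ACL mapped in the same direction. It assumes the configuration text uses the command exactly as shown under Syntax, that port-list uses the same comma and hyphen notation described for tag-list and apnum, and that a physical port and its tagged virtual ports count as separate targets.

```python
import re
from collections import defaultdict
# Grammar follows the Syntax section; matching saved config text line by line is an assumption.
MAP_RE = re.compile(
    r"^set security acl map (?P<acl>[A-Za-z]\S*) (?:vlan (?P<vlan>\S+)"
    r"|port (?P<port>[\d,-]+)(?: tag (?P<tag>[\d,-]+))?|ap (?P<ap>[\d,-]+))"
    r" (?P<dir>in|out)$")

def expand(spec, lo=0, hi=float("inf")):
    """Expand '10,20-21' (comma list, hyphen ranges, no spaces) into sorted ints."""
    out = set()
    for part in spec.split(","):
        first, _, last = part.partition("-")
        a, b = int(first), int(last or first)
        if not lo <= a <= b <= hi:
            raise ValueError(f"value out of range or reversed: {part!r}")
        out.update(range(a, b + 1))
    return sorted(out)

def targets(m):
    """Yield one key per VLAN, physical port, virtual port or MP that a line maps."""
    if m["vlan"]:
        yield ("vlan", m["vlan"])
    elif m["ap"]:
        yield from (("ap", n) for n in expand(m["ap"]))
    else:
        tags = expand(m["tag"], 1, 4095) if m["tag"] else [None]  # tags are 1 through 4095
        for p in expand(m["port"]):
            yield from (("port", p, t) for t in tags)

def audit(config_text):
    """Return {(target, direction): [acl, ...]} for targets with more than one ACL."""
    seen = defaultdict(list)
    for line in config_text.splitlines():
        m = MAP_RE.match(line.strip())
        for tgt in (targets(m) if m else ()):
            acls = seen[(tgt, m["dir"])]
            if m["acl"].lower() not in acls:   # ACL names are case-insensitive
                acls.append(m["acl"].lower())
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample configuration lines, not taken from a real MX.
SAMPLE = """\
set security acl map acl_133 port 4 in
set security acl map ACL_133 port 4 in
set security acl map acl_guest port 2-4 in
set security acl map acl_voice port 5 tag 10,20-21 out
set security acl map acl_data port 5 tag 21 out
"""
print(audit(SAMPLE))
```

Each reported entry lists the ACLs in the order they appear in the input; clear or consolidate the extra mappings so that each target keeps a single ACL per direction.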