Committing a security acl, Viewing security acl information – 3Com WX4400 3CRWX440095A User Manual

Page 387

background image

Creating and Committing a Security ACL

387

To specify the order of the commands, use the following parameters:

„

before editbuffer-index inserts an ACE before a specific location.

„

modify editbuffer-index changes an existing ACE.

If the security ACL you specify when creating an ACE does not exist when
you enter set security acl ip, the specified ACL is created in the edit
buffer. If the ACL exists but is not in the edit buffer, the ACL reverts, or is
rolled back, to the state when its last ACE was committed, but it now
includes the new ACE.

For details, see “Placing One ACE before Another” on page 395 and
“Modifying an Existing Security ACL” on page 396.

Committing a

Security ACL

To put the security ACLs you have created into effect, use the commit
security acl
command with the name of the ACL. For example, to
commit acl-99, type the following command:

WX1200# commit security acl acl-99
success: change accepted.

To commit all the security ACLs in the edit buffer, type the following command:

WX1200# commit security acl all
success: change accepted.

Viewing Security ACL

Information

To determine whether a security ACL is committed, you can check the
edit buffer and the committed ACLs. After you commit an ACL, MSS
removes it from the edit buffer.

To display ACLs, use the following commands:

display security acl editbuffer
display security acl info all editbuffer
display security acl info
display security acl

Use the first two commands to display the ACLs that you have not yet
committed to nonvolatile storage. The first command lists the ACLs by
name. The second command shows the ACLs in detail.

Use the display security acl info command to display ACLs that are
already committed. ACLs are not available for mapping until you commit
them. (To commit an ACL, use the commit security acl command. See
“Committing a Security ACL”.)