Placing one ace before another – 3Com WX4400 3CRWX440095A User Manual

Modifying a Security ACL

2 To add another ACE to the end of acl-violet, type the following command:

WX1200# set security acl ip acl-violet permit 192.168.123.11 0.0.0.255 hits

3 To commit the updated security ACL acl-violet, type the following command:

WX1200# commit security acl acl-violet
success: change accepted.

4 To display the updated acl-violet, type the following command:

WX1200# display security acl info
ACL information for all
set security acl ip acl-violet (hits #2 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits
2. permit IP source IP 192.168.123.11 0.0.0.255 destination IP any enable-hits

Placing One ACE before Another

You can use the before editbuffer-index portion of the set security acl
command to place a new ACE before an existing ACE. For example,
suppose you want to deny some traffic from IP address 192.168.254.12
in acl-111. Follow these steps:

1 To display all committed security ACLs, type the following command:

WX1200# display security acl info
ACL information for all
set security acl ip acl-111 (hits #4 0)
----------------------------------------------------
1. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any
set security acl ip acl-2 (hits #1 0)
----------------------------------------------------
1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP
192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits

2 To add the deny ACE to acl-111 and place it first, type the following commands:

WX1200# set security acl ip acl-111 deny 192.168.254.12 0.0.0.255 before 1
WX1200# commit security acl acl-111
success: change accepted.
WX1200# commit security acl acl-111
success: change accepted.
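
The following Python model is an added example, not part of the 3Com manual or the switch software; it shows why the position chosen with before matters and what the 0.0.0.255 mask in the deny ACE covers. It assumes first-match evaluation with an implicit deny at the end and inverse (wildcard) mask semantics, neither of which is stated on this page; the AclBuffer class and the broad permit entry are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return (a & care) == (b & care)

class AclBuffer:
    """Hypothetical model of an ordered ACE list with 1-based indexes."""

    def __init__(self):
        self.aces = []              # each entry: (action, source, wildcard)

    def add(self, action, source, wildcard, before=None):
        ace = (action, source, wildcard)
        if before is None:
            self.aces.append(ace)                 # default: end of the ACL
        elif 1 <= before <= len(self.aces):
            self.aces.insert(before - 1, ace)     # 'before N' placement
        else:
            raise IndexError(f"no ACE at index {before}")

    def evaluate(self, src):
        """Return (action, index) of the first matching ACE.

        Assumption: packets matching no ACE are denied."""
        for index, (action, source, wildcard) in enumerate(self.aces, 1):
            if wildcard_match(src, source, wildcard):
                return action, index
        return "deny", None

def build(before):
    """Constructed ACL: a broad permit plus the page's deny ACE."""
    acl = AclBuffer()
    acl.add("permit", "192.168.0.0", "0.0.255.255")   # constructed entry
    acl.add("deny", "192.168.254.12", "0.0.0.255", before=before)
    return acl

if __name__ == "__main__":
    appended, placed_first = build(None), build(1)
    for src in ("192.168.254.12", "192.168.254.200", "192.168.253.11"):
        print(src, "appended:", appended.evaluate(src),
              "before 1:", placed_first.evaluate(src))
```

Under these assumptions, a deny appended after a broader permit never takes effect, and the 0.0.0.255 mask makes the deny apply to every address in 192.168.254.0 through 192.168.254.255, not only to 192.168.254.12.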