Creating And Committing A Security Acl - D-Link DWS-1008 User Manual

Wireless 8 port switch with poe

DWS-1008 User's Manual

Creating and Committing a Security ACL

The security ACLs you create can filter packets by source address, IP protocol, port type, and
other characteristics. When you configure an ACE for a security ACL, MSS stores the ACE in
the edit buffer until you commit the ACL to be saved to the permanent configuration. You must
commit a security ACL before you can apply it to an authenticated user's session or map it to
a port, VLAN, virtual port, or Distributed AP. Every security ACL must have a name.

Setting a Source IP ACL

You can create an ACE that filters packets based on the source IP address and optionally
applies CoS packet handling. (For CoS details, see Class of Service.) You can also determine
where the ACE is placed in the security ACL by using the before editbuffer-index or modify
editbuffer-index variables with an index number. You can use the hits counter to track how
many packets the ACL filters.

The simplest security ACL permits or denies packets from a source IP address:

set security acl ip acl-name {permit [cos cos] | deny} source-ip-addr mask [before editbuffer-index | modify editbuffer-index] [hits]

For example, to create ACL acl-1 that permits all packets from IP address 192.168.1.4, type
the following command:

DWS-1008# set security acl ip acl-1 permit 192.168.1.4 0.0.0.0

With the following basic security ACL command, you can specify any of the protocols
supported by MSS:

set security acl ip acl-name {permit [cos cos] | deny} {protocol} {source-ip-addr mask destination-ip-addr mask} [precedence precedence] [tos tos] [before editbuffer-index | modify editbuffer-index] [hits]

The following sample security ACL permits all Generic Routing Encapsulation (GRE)
packets from source IP address 192.168.1.11 to destination IP address 192.168.1.15, with
a precedence level of 0 (routine), and a type-of-service (TOS) level of 0 (normal). GRE is
protocol number 47.

DWS-1008# set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0 precedence 0 tos 0 hits

The security ACL acl-2 described above also applies the CoS level 2 (medium priority) to
the permitted packets. (For CoS details, see Class of Service.) The keyword hits counts the
number of times this ACL affects packet traffic.

The table on the next page lists common IP protocol numbers.
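
As an added example (not part of the D-Link manual), the following Python sketch parses the two command forms shown above so that an ACE can be reviewed for what it will match before the ACL is committed. The function names are hypothetical, and the code assumes the mask is a wildcard mask in which 0 bits must match, which is inferred from the manual's use of 0.0.0.0 to select a single host.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))  # raises ValueError if malformed

def wildcard_match(addr, base, mask):
    """Assumed wildcard-mask semantics: mask bits set to 1 are ignored."""
    care = ~ip_int(mask) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def parse_ace(cmd):
    """Parse one 'set security acl ip' command (prompt removed) into a dict."""
    tok = cmd.split()
    if tok[:4] != ["set", "security", "acl", "ip"] or len(tok) < 8:
        raise ValueError("not a complete 'set security acl ip' command")
    ace = {"name": tok[4], "action": tok[5], "cos": None, "protocol": None,
           "src": None, "dst": None, "hits": False}
    if ace["action"] not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    i = 6
    if tok[i] == "cos":                      # [cos cos] is valid only after permit
        if ace["action"] != "permit":
            raise ValueError("cos is only valid with permit")
        ace["cos"], i = int(tok[i + 1]), i + 2
    if i < len(tok) and "." not in tok[i]:   # protocol form: token before the addresses
        ace["protocol"], i = tok[i], i + 1
    pairs = 2 if ace["protocol"] else 1      # protocol form also takes a destination
    if len(tok) < i + 2 * pairs:
        raise ValueError("missing address or mask")
    ace["src"] = (tok[i], tok[i + 1])
    if pairs == 2:
        ace["dst"] = (tok[i + 2], tok[i + 3])
    i += 2 * pairs
    for addr, mask in filter(None, (ace["src"], ace["dst"])):
        ip_int(addr), ip_int(mask)           # validate dotted-decimal values
    while i < len(tok):                      # trailing optional keywords
        if tok[i] == "hits":
            ace["hits"], i = True, i + 1
        elif tok[i] in ("precedence", "tos", "before", "modify") and i + 1 < len(tok):
            ace[tok[i]], i = int(tok[i + 1]), i + 2
        else:
            raise ValueError(f"unexpected token {tok[i]!r}")
    return ace

# The two example commands from the manual, with the CLI prompt removed.
ACL_1 = "set security acl ip acl-1 permit 192.168.1.4 0.0.0.0"
ACL_2 = ("set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 "
         "192.168.1.15 0.0.0.0 precedence 0 tos 0 hits")

if __name__ == "__main__":
    for cmd in (ACL_1, ACL_2):
        print(parse_ace(cmd))
```

Passing an ACE's source pair to wildcard_match with a candidate address shows whether that address falls inside the entry, which makes an unintentionally broad permit easy to spot during review.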
D-Link Systems, Inc.
Configuring and Managing Security ACLs