dscp codepoint

Filters packets by Differentiated Services Code Point (DSCP) value. You can specify a number from 0 to 63, in decimal or binary format.

Note: You cannot use the dscp option along with the precedence and tos options in the same ACE. The CLI rejects an ACE that has this combination of options.

established

For TCP packets only, applies the ACE only to established TCP sessions and not to new TCP sessions.

before editbuffer-index

Inserts the new ACE in front of another ACE in the security ACL. Specify the number of the existing ACE in the edit buffer. Index numbers start at 1. (To display the edit buffer, use show security acl editbuffer.)

modify editbuffer-index

Replaces an ACE in the security ACL with the new ACE. Specify the number of the existing ACE in the edit buffer. Index numbers start at 1. (To display the edit buffer, use show security acl editbuffer.)

hits

Tracks the number of packets that are filtered based on a security ACL, for all mappings.

Defaults: By default, permitted packets are classified based on DSCP value, which is converted into an internal CoS value in the switch’s CoS map. The packet is then marked with a DSCP value based on the internal CoS value. If the ACE contains the cos option, this option overrides the switch’s CoS map and marks the packet based on the ACE.

Access: Enabled.

Usage: The switch does not apply security ACLs until you activate them with the commit security acl command and map them to a VLAN, port, or virtual port, or to a user. If the switch is reset or restarted, any ACLs in the edit buffer are lost.

You cannot perform ACL functions that include permitting, denying, or marking with a Class of Service (CoS) level on packets with a multicast or broadcast destination address.

The order of security ACEs in a security ACL is important. Once an ACL is active, its ACEs are checked according to their order in the ACL. If an ACE criterion is met, its action takes place and any ACEs that follow are ignored. ACEs are listed in the order in which you create them, unless you move them. To position security ACEs within a security ACL, use before editbuffer-index and modify editbuffer-index.

Examples: The following command adds an ACE to security ACL acl_123 that permits packets from IP address 192.168.1.11/24 and counts the hits:

DWS-1008#set security acl ip acl_123 permit 192.168.1.11 0.0.0.255 hits

The following command adds an ACE to acl_123 that denies packets from IP address 192.168.2.11:

DWS-1008#set security acl ip acl_123 deny 192.168.2.11 0.0.0.0
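
The ordering rule in the Usage text can be checked offline before an ACL is committed. The following Python sketch is an added example, not part of the D-Link manual or the switch software: it models first-match evaluation with wildcard masks and hit counting, and flags ACEs that an earlier ACE makes unreachable. The function names and the 192.168.1.50 address are constructed for illustration.

```python
import ipaddress

def parse_ace(text):
    """Parse '<permit|deny> <source-ip> <wildcard-mask> [hits]', the ACE form used above."""
    action, src, mask, *opts = text.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    return {"action": action, "src": int(ipaddress.IPv4Address(src)),
            "mask": int(ipaddress.IPv4Address(mask)),
            "count": "hits" in opts, "hits": 0}

def care_bits(ace):
    # In a wildcard mask, 1 bits are ignored and 0 bits must equal the ACE address.
    return ~ace["mask"] & 0xFFFFFFFF

def evaluate(acl, ip):
    """Return (action, 1-based ACE index) for the first ACE that matches ip."""
    addr = int(ipaddress.IPv4Address(ip))
    for index, ace in enumerate(acl, start=1):
        if ((addr ^ ace["src"]) & care_bits(ace)) == 0:
            if ace["count"]:
                ace["hits"] += 1
            return ace["action"], index  # any ACEs that follow are ignored
    return "no-match", None  # unmatched packets are not covered in this section

def shadowed(acl):
    """List (later, earlier) index pairs where the later ACE can never be reached."""
    pairs = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            wider = (care_bits(earlier) & care_bits(later)) == care_bits(earlier)
            if wider and ((earlier["src"] ^ later["src"]) & care_bits(earlier)) == 0:
                pairs.append((j + 1, i + 1))
                break
    return pairs

def build(lines):
    return [parse_ace(line) for line in lines]

# Constructed sample: the permit ACE from the first example, followed by a host
# deny inside the same 192.168.1.x range (192.168.1.50 is a made-up address).
AS_CREATED = ["permit 192.168.1.11 0.0.0.255 hits", "deny 192.168.1.50 0.0.0.0"]
# The same ACEs with the deny placed in front of ACE 1, as `before 1` would do.
REORDERED = [AS_CREATED[1], AS_CREATED[0]]

if __name__ == "__main__":
    for name, lines in (("as created", AS_CREATED), ("reordered", REORDERED)):
        acl = build(lines)
        print(name, evaluate(acl, "192.168.1.50"), "shadowed:", shadowed(acl))
```

In creation order the host deny is never reached, because the wider permit ACE matches first; with the deny in front, both ACEs take effect.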

D-Link DWS-1008 CLI Manual
