set security acl

• before editbuffer-index — Inserts the new ACE in front of another ACE in the security ACL. Specify the number of the existing ACE in the edit buffer. Index numbers start at 1. (To display the edit buffer, use display security acl editbuffer.)

• modify editbuffer-index — Replaces an ACE in the security ACL with the new ACE. Specify the number of the existing ACE in the edit buffer. Index numbers start at 1. (To display the edit buffer, use display security acl editbuffer.)

• hits — Tracks the number of packets that are filtered based on a security ACL, for all mappings.

Defaults — Permitted packets are assigned to class-of-service (CoS) class 0 by default.

Access — Enabled.

History — Introduced in MSS Version 3.0.

Usage — The WX switch does not apply security ACLs until you activate them with the commit security acl command and map them to a VLAN, port, or virtual port, or to a user. If the WX switch is reset or restarted, any ACLs in the edit buffer are lost.

You cannot perform ACL functions that include permitting, denying, or marking with a Class of Service (CoS) level on packets with a multicast or broadcast destination address.

The order of security ACEs in a security ACL is important. Once an ACL is active, its ACEs are checked according to their order in the ACL. If an ACE criterion is met, its action takes place and any ACEs that follow are ignored.

ACEs are listed in the order in which you create them, unless you move them. To position security ACEs within a security ACL, use before editbuffer-index and modify editbuffer-index.
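The first-match ordering and the before/modify positioning described above can be modeled in a few lines of Python. This is an added example, not MSS code: the Ace and EditBuffer names are hypothetical, the 192.168.1.50 deny ACE is constructed, the mask is assumed to work as a wildcard (set bits are ignored), and returning None for a packet that no ACE matches is a modeling choice, since this section does not say what the switch does in that case.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

class Ace:
    """One source-IP ACE: action, address, wildcard mask, optional hit counter."""
    def __init__(self, action, src, wildcard, hits=False):
        self.action = action
        self.care = ~ip_int(wildcard) & 0xFFFFFFFF   # bits that must match
        self.src = ip_int(src) & self.care
        self.count_hits = hits
        self.hits = 0

    def matches(self, packet_src):
        return ip_int(packet_src) & self.care == self.src

class EditBuffer:
    """Ordered ACE list with 1-based 'before' and 'modify' positioning."""
    def __init__(self):
        self.aces = []

    def add(self, ace, before=None, modify=None):
        index = before if before is not None else modify
        if index is None:
            self.aces.append(ace)            # default: creation order
            return
        if not 1 <= index <= len(self.aces):
            raise IndexError("edit buffer index numbers start at 1")
        if before is not None:
            self.aces.insert(index - 1, ace)  # goes in front of the existing ACE
        else:
            self.aces[index - 1] = ace        # replaces the existing ACE

    def evaluate(self, packet_src):
        for ace in self.aces:                 # first match wins, the rest are ignored
            if ace.matches(packet_src):
                ace.hits += ace.count_hits
                return ace.action
        return None                           # no ACE matched (behavior not modeled)

def demo():
    acl = EditBuffer()
    acl.add(Ace("permit", "192.168.1.11", "0.0.0.255", hits=True))  # ACE from the page
    acl.add(Ace("deny", "192.168.1.50", "0.0.0.0"))   # constructed: shadowed by ACE 1
    shadowed = acl.evaluate("192.168.1.50")           # the broad permit matches first
    acl.add(Ace("deny", "192.168.1.50", "0.0.0.0"), before=1)
    fixed = acl.evaluate("192.168.1.50")              # the specific deny now matches first
    return shadowed, fixed, acl.aces[1].hits

if __name__ == "__main__":
    print(demo())
```

A specific deny appended after a broad permit never takes effect; reviewing the edit buffer for ACEs shadowed by an earlier, wider match before committing catches this.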

Examples — The following command adds an ACE to security ACL acl_123 that permits packets from IP address 192.168.1.11/24 and counts the hits:

WX4400# set security acl ip acl_123 permit 192.168.1.11 0.0.0.255 hits