Configuring and Managing Security ACLs

Mapping Security ACLs to Ports, VLANs, Virtual Ports, or Distributed APs

Security ACLs can be mapped to ports, VLANs, virtual ports, and Distributed APs. Use the following command:

set security acl map acl-name {vlan vlan-id | port port-list [tag tag-value] | dap dap-num} {in | out}

Specify the name of the ACL, the port, VLAN, tag value(s) of the virtual port, or the number of the Distributed AP to which the ACL is to be mapped, and the direction (in or out) in which packets are filtered. For virtual ports or Distributed APs, you can specify a single value, a comma-separated list of values, a hyphen-separated range, or any combination of these, with no spaces. For example, to map security ACL acl-222 to virtual ports 1 through 3 and 5 on port 2 so that it filters incoming packets, type the following command:

23x0# set security acl map acl-222 port 2 tag 1-3,5 in

success: change accepted.

Plan your security ACL maps to ports, VLANs, virtual ports, and Distributed APs so that only one security ACL filters any given flow of packets. If more than one security ACL is mapped so that it filters the same traffic, the order in which the ACEs of those ACLs are applied is not guaranteed, so the effective policy for that traffic is unpredictable.
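The one-ACL-per-flow rule above is easy to break once tag ranges such as 1-3,5 are in play, because two maps on the same port can overlap on a single tag without either line looking wrong. The following script is an added example (not Nortel code and not part of this manual): it parses set security acl map lines in the syntax documented above from a constructed configuration dump, expands the list and range notation, and reports every port/tag, VLAN or Distributed AP selector that two different ACLs would both filter. It treats a port map without a tag and a port map with a tag as distinct selectors, which is a simplifying assumption of the example rather than a statement about how the switch resolves them.

```python
"""Detect overlapping security ACL maps in a WSS configuration dump.

Added example, not Nortel code. Parses 'set security acl map ...' lines in
the form documented above and reports any selector (port/tag, VLAN, DAP,
plus direction) that more than one ACL is mapped to. SAMPLE_CONFIG is
constructed sample input, not output captured from a real switch.
"""
import re
from collections import defaultdict

# Constructed sample of the map lines a configuration dump would contain.
SAMPLE_CONFIG = """\
set security acl map acl-222 port 2 tag 1-3,5 in
set security acl map acl-999 port 9 in
set security acl map acl-999 port 9 out
set security acl map acl-blue port 1 in
set security acl map acl-violet vlan 1 out
set security acl map acl-red port 2 tag 3-4 in
set security acl map acl-green dap 1,2 out
"""

# One selector clause (vlan | port [tag] | dap) followed by the direction.
MAP_RE = re.compile(
    r"^set security acl map (?P<acl>\S+) "
    r"(?:vlan (?P<vlan>\S+)"
    r"|port (?P<port>\S+)(?: tag (?P<tag>\S+))?"
    r"|dap (?P<dap>\S+)) "
    r"(?P<dir>in|out)$"
)


def expand_list(spec):
    """Expand '1-3,5' into {1, 2, 3, 5}: values, ranges, or both, no spaces."""
    values = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            values.update(range(int(lo), int(hi) + 1))
        else:
            values.add(int(part))
    return values


def selectors(match):
    """Yield one (kind, id, tag, direction) tuple per concrete target of a map line.

    A port map without a tag is kept as tag=None; this example assumes it
    does not overlap with tagged maps on the same port.
    """
    direction = match.group("dir")
    if match.group("vlan"):
        yield ("vlan", match.group("vlan"), None, direction)
    elif match.group("dap"):
        for dap in expand_list(match.group("dap")):
            yield ("dap", dap, None, direction)
    else:
        ports = expand_list(match.group("port"))
        tags = expand_list(match.group("tag")) if match.group("tag") else [None]
        for port in ports:
            for tag in tags:
                yield ("port", port, tag, direction)


def find_overlaps(config_text):
    """Return {selector: sorted ACL names} for each selector mapped by >1 ACL."""
    owners = defaultdict(set)
    for line in config_text.splitlines():
        match = MAP_RE.match(line.strip())
        if not match:
            continue  # not a map line; ignore
        for sel in selectors(match):
            owners[sel].add(match.group("acl"))
    return {sel: sorted(acls) for sel, acls in owners.items() if len(acls) > 1}


if __name__ == "__main__":
    for sel, acls in sorted(find_overlaps(SAMPLE_CONFIG).items(), key=str):
        kind, ident, tag, direction = sel
        where = f"{kind} {ident}" + (f" tag {tag}" if tag is not None else "")
        print(f"CONFLICT: {where} {direction} is filtered by {', '.join(acls)}")
```

Run against a saved configuration dump instead of SAMPLE_CONFIG to audit a live switch. In the sample, acl-222 (tags 1-3,5) and acl-red (tags 3-4) collide on port 2 tag 3 inbound, which is exactly the situation the rule above warns about; the same ACL mapped in both directions on port 9 is not a conflict.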

Displaying ACL Maps to Ports, VLANs, and Virtual Ports

Two commands display the port, VLAN, virtual port, and Distributed AP mapping of a specific security ACL. For example, to show the ports, VLANs, virtual ports, and Distributed APs mapped to acl-999, type one of the following commands:

23x0# show security acl map acl-999

ACL acl-999 is mapped to:

Port 9 In

Port 9 Out

23x0# show security acl
ACL table
ACL                              Type  Class   Mapping
-------------------------------- ----  ------  -------
acl-orange                       IP    Static
acl-999                          IP    Static  Port 9 In
                                                Port 9 Out
acl-blue                         IP    Static  Port 1 In
acl-violet                       IP    Static  VLAN 1 Out

Clearing a Security ACL Map

To clear the mapping between a security ACL and one or more ports, VLANs, virtual ports, or Distributed APs, first display the mapping with show security acl map and then use clear security acl map to remove it. This command removes only the mapping; the ACL itself remains configured and can be mapped again later.

320657-A

Page 368
Nortel Networks 2300 manual