Configuring and managing security ACLs 485
Nortel WLAN—Security Switch 2300 Series Configuration Guide

Setting a source IP ACL

You can create an ACE that filters packets based on the source IP address and optionally applies CoS packet handling.
(For CoS details, see “Class of Service” on page 486.) You can also determine where the ACE is placed in the security
ACL by using the before editbuffer-index or modify editbuffer-index variables with an index number. You can use the
hits counter to track how many packets the ACL filters.
The simplest security ACL permits or denies packets from a source IP address:
set security acl ip acl-name {permit [cos cos] | deny}
{source-ip-addr mask | any} [before editbuffer-index | modify editbuffer-index] [hits]
For example, to create ACL acl-1 that permits all packets from IP address 192.168.1.4, type the following command:
WSS# set security acl ip acl-1 permit 192.168.1.4 0.0.0.0
With the following basic security ACL command, you can specify any of the protocols supported by WSS Software:
set security acl ip acl-name {permit [cos cos] | deny} protocol-number
{source-ip-addr mask | any} {destination-ip-addr mask | any} [[precedence precedence] [tos tos] |
[dscp codepoint]] [before editbuffer-index | modify editbuffer-index] [hits]
The following sample security ACL permits all Generic Routing Encapsulation (GRE) packets from source IP address
192.168.1.11 to destination IP address 192.168.1.15, with a precedence level of 0 (routine), and a type-of-service (TOS)
level of 0 (normal). (For more information about type-of-service and precedence levels, see the Nortel WLAN Security
Switch 2300 Series Command Line Reference.) GRE is protocol number 47.
WSS# set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0
precedence 0 tos 0 hits
The security ACL acl-2 described above also applies the CoS level 2 (medium priority) to the permitted packets. (For
CoS details, see “Class of Service” on page 486.) The keyword hits counts the number of times this ACL affects packet
traffic.
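The following Python model is an added illustration, not code from this guide or from WSS Software. It parses ACEs written in the syntax shown above, treats the mask as a wildcard mask in which 0 bits must match (an assumption consistent with the 0.0.0.0 host examples), evaluates ACEs in the order given with first match winning and an assumed implicit deny, and keeps the hits counter. The command list is constructed; only its first entry is the guide's acl-2 example.

```python
import ipaddress

# Constructed sample commands in the syntax shown above (the first is the guide's acl-2 example).
COMMANDS = [
    "set security acl ip acl-2 permit cos 2 47 192.168.1.11 0.0.0.0 192.168.1.15 0.0.0.0 precedence 0 tos 0 hits",
    "set security acl ip acl-2 deny 6 192.168.1.0 0.0.0.255 any hits",
    "set security acl ip acl-2 permit 192.168.1.4 0.0.0.0",
]

def wildcard_match(addr, rule):
    # rule is None for "any", else (base, mask); mask is taken as a wildcard: 0 bits must match (assumption)
    if rule is None:
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, *rule))
    return a & ~w == b & ~w

def parse_ace(cmd):
    tok = cmd.split()                       # tok[4] is the ACL name, tok[5] is permit or deny
    ace = {"acl": tok[4], "action": tok[5], "src": None, "dst": None, "hit_count": 0}
    i = 6
    if tok[i] == "cos":                     # optional CoS, only meaningful with permit
        ace["cos"] = int(tok[i + 1]); i += 2
    if tok[i].isdigit():                    # optional IP protocol number (47 = GRE, 6 = TCP)
        ace["proto"] = int(tok[i]); i += 1
    for field in ("src", "dst"):            # dst is absent in the simplest source-only form
        if i < len(tok) and tok[i] == "any":
            i += 1
        elif i < len(tok) and tok[i][0].isdigit():
            ace[field] = (tok[i], tok[i + 1]); i += 2
    while i < len(tok):                     # precedence/tos/dscp/before/modify take a value, hits does not
        if tok[i] == "hits":
            ace["hits"] = True; i += 1
        else:
            ace[tok[i]] = int(tok[i + 1]); i += 2
    return ace

def evaluate(aces, pkt):
    # First matching ACE wins; a packet matching no ACE is denied (assumed implicit deny). Returns (action, cos).
    for ace in aces:
        matched = (ace.get("proto", pkt["proto"]) == pkt["proto"]
                   and wildcard_match(pkt["src"], ace["src"]) and wildcard_match(pkt["dst"], ace["dst"])
                   and all(ace[k] == pkt.get(k) for k in ("precedence", "tos", "dscp") if k in ace))
        if not matched:
            continue
        if ace.get("hits"):                 # the hits keyword enables the per-ACE counter
            ace["hit_count"] += 1
        return ace["action"], ace.get("cos")
    return "deny", None
```

A GRE packet that matches the first ACE in every field except tos falls through all three ACEs and is dropped by the implicit deny, which is the effect of the precedence and tos qualifiers.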
Table 27 lists common IP protocol numbers. (For a complete list of IP protocol names and numbers, see
www.iana.org/assignments/protocol-numbers.) For commands that set security ACLs for specific protocols, see the
following information:
“Setting an ICMP ACL” on page 488
“Setting a TCP ACL” on page 490
“Setting a UDP ACL” on page 490

Table 27: Common IP protocol numbers

Number   IP Protocol
1        Internet Control Message Protocol (ICMP)
2        Internet Group Management Protocol (IGMP)
6        Transmission Control Protocol (TCP)
9        Any private interior gateway (used by Cisco for Interior Gateway Routing Protocol)