Configuring and managing security ACLs 429Nortel WLAN—Security Switch 2300 Series Configuration GuideModifying an existing security ACLYou can use the modify editbuffer-index portion of the set security acl command to modify an active security ACL. Forexample, suppose the ACL acl-111 currently blocks some packets from IP address 192.168.254.12 with the mask0.0.0.255 and you want to change the ACL to permit all packets from this address. Follow these steps:1 To display all committed security ACLs, type the following command:WSS# show security acl infoACL information for allset security acl ip acl-111 (hits #4 0)----------------------------------------------------1. deny IP source IP 192.168.254.12 0.0.0.255 destination IPany2. permit IP source IP 192.168.253.11 0.0.0.0 destination IPanyset security acl ip acl-2 (hits #1 0)----------------------------------------------------1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0destination IP 192.168.1.15 0.0.0.0 precedence 0 tos 0enable-hits2 To modify the first ACE in acl-111, type the following commands:WSS# set security acl ip acl-111 permit 192.168.254.12 0.0.0.0 modify 1WSS# commit security acl acl-111success: change accepted.3 To view the results, type the following command:WSS# show security acl infoACL information for allset security acl ip acl-111 (hits #4 0)----------------------------------------------------1. permit IP source IP 192.168.254.12 0.0.0.0 destination IPany2. permit IP source IP 192.168.253.11 0.0.0.0 destination IPanyset security acl ip acl-2 (hits #1 0)----------------------------------------------------1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0destination IP 192.168.1.15 0.0.0.0 precedence 0 tos 0enable-hits