Blade ICE G8000 manual Viewing ACL statistics, Use the following command to view ACL statistics

Page 99

RackSwitch G8000 Application Guide

NOTE – To ensure your ACLs function properly, do not assign the same ACL to different ports using different filtering directions. It is recommended that you create two ACLs, one for ingress traffic, and one for egress traffic.

To assign an ACL to a port:

RS G8000		(config)# interface port 1
RS	G8000	(config-if)#	ip access-group 1001 in
RS	G8000	(config-if)#	exit

To delete an ACL from a port:

RS G8000		(config)# interface port 1
RS	G8000	(config-if)#	no ip access-group 1001 in
RS	G8000	(config-if)#	exit

Each port retains its assigned ACLs, even if the port becomes a member of a trunk group (portchannel).

Viewing ACL statistics

ACL statistics display how many packets hit (matched) each ACL. Use ACL statistics to check filter performance, and debug the ACL filters. You must enable statistics for each ACL that you want to monitor. Use the following command to enable statistics for the ACL:

RS G8000 (config)# access-list ip standard 1 statistics

Use the following command to view ACL statistics:

RS G8000 (config)# show access-list counters

BMD00041, November 2008

Chapter 6: Quality of Service 99

Image 99

Contents Application Guide RackSwitch G8000 Application Guide Contents Ports and Trunking Quality of Service Appendix a Troubleshooting Figures RackSwitch G8000 Application Guide Tables RackSwitch G8000 Application Guide Who Should Use This Guide PrefaceWhat You’ll Find in This Guide Typographic Conventions Typographic ConventionsHow to Get Help Accessing the Switch Configuring an IP Interface Log on to the switch Enter IP interface modeConfigure the default gateway. Enable the gateway Using Telnet Using the Browser-Based Interface Configuring BBI access via HttpConfiguring BBI access via Https RS G8000 config# access https import-certificate Snmp Using SnmpDefault configuration Snmp v1Privacy-password User configuration22 „ Accessing the Switch SNMPv1 trap host Configuring Snmp Trap HostsSNMPv2 trap host configuration Configure an entry in the notify tableSNMPv3 trap host configuration Securing Access to the Switch How Radius authentication works Radius Authentication and AuthorizationConfigure the Radius secret and enable the feature Configuring RadiusRadius authentication features in Blade OS Radius Attributes for G8000 user privileges Switch User AccountsHow TACACS+ authentication works TACACS+ AuthenticationAuthorization TACACS+ authentication features in Blade OSAccounting Command authorization and loggingConfigure the TACACS+ secret and second secret Configuring TACACS+ AuthenticationConfiguring SSH features on the switch Secure ShellSSH encryption of management messages SSH Integration with RADIUS/TACACS+ Authentication Generating RSA Host and Server Keys for SSH accessEnd User Access Control Considerations for configuring End User AccountsUser Access Control Logging into an End User account Listing current UsersRackSwitch G8000 Application Guide 38 „ Accessing the Switch Port-based Network Access Control Extensible Authentication Protocol over LAN Port Unauthorized 802.1X authentication processEAPoL message exchange „ Force Unauthorized 802.1X port states„ Unauthorized „ AuthorizedSupport for Radius Attributes Supported Radius attributesConfiguration guidelines BMD00041, November VLANs Overview VLANs and Port Vlan ID Numbers Vlan numbersViewing VLANs Pvid numbers Viewing and Configuring PVIDsVlan Tagging 1Default Vlan settings 2Port-based Vlan assignment 4802.1Q tag assignment Vlan Topologies and Design Considerations Vlan configuration rulesComponent Description Multiple VLANs with Tagging AdaptersVlan Vlan configuration example Enable tagging on uplink ports that support multiple VLANsConfigure the VLANs and their member ports Private Vlan ports Private VLANsSelect a Vlan and define the Private Vlan type as primary Configuration exampleVerify the configuration Configure a secondary Vlan and map it to the primary VlanRackSwitch G8000 Application Guide 62 „ VLANs Ports and Trunking Statistical load distribution Built-In fault toleranceStatic trunk group configuration rules Before you configure static trunks66 „ Ports and Trunking Follow these steps on the G8000 Port Trunking ExampleExamine the trunking information on each switch Repeat the process on the other switch„ Source IP SIP + Destination IP DIP Configurable Trunk Hash AlgorithmLink Aggregation Control Protocol Admin keyRS G8000 # show lacp information Lacp configuration guidelines Configuring LacpSet the Lacp mode Spanning Tree 1Ports, Trunk Groups, and VLANs Determining the Path for Forwarding BPDUs Bridge Protocol Data Units BPDUsChanging the Spanning Tree mode Spanning Tree Group configuration guidelinesAssigning a Vlan to a Spanning Tree Group Creating a Vlan Rules for Vlan Tagged portsAdding and removing ports from STGs RackSwitch G8000 Application Guide Port state changes Rapid Spanning Tree ProtocolLink Type Rstp configuration guidelinesPort Type and Link Type Edge PortConfigure Rapid Spanning Tree Rstp configuration examplePer Vlan Rapid Spanning Tree Default Spanning Tree configuration1Two VLANs on one Spanning Tree Group Why do we need multiple Spanning Trees?Pvrst configuration guidelines Configuring PvrstSet the Spanning-tree mode to PVRST+ Multiple Spanning Tree Protocol Mstp RegionCommon Internal Spanning Tree Mstp configuration guidelines Passing Vlan Blocking Vlan Configure Multiple Spanning Tree Protocol Configuring Multiple Spanning Tree Groups90 „ Spanning Tree Fast Uplink Convergence Configuring Fast Uplink ConvergenceRackSwitch G8000 Application Guide 92 „ Spanning Tree Quality of Service COS MAC Extended ACLs Using ACL FiltersIP Extended ACLs IP Standard ACLs1Well-known protocol types Assigning ACLs to a port Understanding ACL priorityViewing ACL statistics Use the following command to view ACL statisticsAssign the ACL to port ACL configuration examplesConfigure an Access Control List Example100.10.1.0 Add the ACL to a port Add the ACL to portConfigure a MAC ACL to deny all other traffic Configure IP ACLs to deny all other trafficAssign the ACLs to a port Using Storm Control Filters Configuring storm controlBroadcast storms Differentiated Services Concepts Using Dscp Values to Provide QoSRackSwitch G8000 Application Guide Drop Class Precedence Per Hop BehaviorQoS Levels Default QoS Service LevelsDSCP-to-802.1p mapping Use the following command to perform DSCP-to-802.1p mapping3Layer 2 802.1q/802.1p Vlan tagged packet Using 802.1p Priority to Provide QoS802.1p configuration example Configure a port’s default 802.1p priority value toQueuing and Scheduling Overview Remote MonitoringRmon group 1-Statistics Configuring Rmon statisticsEnable Rmon on a port Configure the Rmon statistics on a portHistory MIB Object ID Rmon group 2-HistoryView Rmon History for the port Rmon group 3-AlarmsConfiguring Rmon History Configure the Rmon History parameters for a portConfiguring Rmon Alarms Alarm MIB objectsRmon group 9-Events Configure Rmon eventsConfigure the Rmon Alarm parameters to track Icmp messages Configure the Rmon event parametersBasic IP Routing IP Routing Benefits 1The Router Legacy Network Routing Between IP Subnets122 „ Basic IP Routing Example of Subnet Routing 2Switch-Based Routing Topology1Subnet Routing Example IP Address Assignments Using VLANs to segregate Broadcast Domains3Subnet Routing Example Optional Vlan Ports Add the switch ports to their respective VLANsConfigure the default gateway to the routers’ addresses Enable IP routingAssign a Vlan to each IP interface Dynamic Host Configuration Protocol RackSwitch G8000 Application Guide 128 „ Basic IP Routing Igmp Igmp Snooping IGMPv3 Snooping FastLeaveAdd VLANs to Igmp Snooping Igmp Snooping configuration exampleConfigure Igmp Snooping Enable IGMPv3 Snooping optionalRS G8000# show ip igmp groups View dynamic Igmp informationStatic Multicast Router Configure a Static Multicast RouterHigh Availability 1Uplink Failure Detection example Uplink Failure DetectionFailure Detection Pair Spanning Tree Protocol with UFD Configuration guidelinesConfiguring UFD Monitoring UFDTurn on Uplink Failure Detection UFD Troubleshooting Figure A-1Monitoring Ports Monitoring PortsPort Mirroring behavior Configuring Port MirroringEnable port mirroring View the current configurationBMD00041, November Numerics IndexIgmp TACACS+

Related manuals

Manual 28 pages 31.53 Kb