Asante Technologies IC36240 user manual Using Access Lists, Host-query messages

Page 57

All systems on the subnet must support the same version. The switch does not automatically detect Version 1 systems and switch to Version 1. Configure the switch for Version 2 if all devices on the subnet support IGMP version 2.

To control which version of IGMP the switch uses, use the following command in configuration mode:

Command

Purpose

 

 

ip igmp version {2 1} vlan <1-4093>

Select the IGMP version that the switch uses in a vlan.

 

 

Modifying the IGMP Host-Query Message Interval

Multicast switches send IGMP host-query messages to discover which multicast groups are present on attached networks. These messages are sent to the all-systems group address of 224.0.0.1 with a time-to-live (TTL) value of 1.

Multicast switches continue to periodically send host-query messages to refresh their knowledge of memberships present on their networks. If, after some number of queries, the switch software discovers that no local hosts are members of a multicast group, the software stops forwarding onto the local network multicast packets from remote origins for that group and sends a prune message upstream toward the source.

Multicast switches elect a designated switch for the LAN (subnet). The designated switch is the one with the highest IP address. The switch is responsible for sending IGMP host-query messages to all hosts on the LAN. By default, the designated switch sends IGMP host-query messages every 60 seconds in order to keep the IGMP overhead on hosts and networks very low. To modify this interval, use the following command in interface configuration mode:

Command

Purpose

 

 

ip igmp query-interval <10-3600

Configure the frequency at which the designated switch sends IGMP

seconds>

host-query messages.

 

 

The following example shows setting the IGMP query interval to 200.

Switch(config-if-veth1)#ip igmp query-interval 200

Changing the Maximum Query Response Time

By default, the maximum query response time advertised in IGMP queries is 10 seconds. If the switch is using IGMP Version 2, you can change this value. To change the maximum query response time, use the following command in configuration mode:

Command

Purpose

 

 

ip igmp query-max-response-time

Set the maximum query response time advertised in IGMP

<1-25 seconds>

queries.

 

 

6.4 Using Access Lists

An access list is a collection of criteria statements that the switch uses to determine whether to allow or block traffic based on IP addresses. Use Access lists to provide basic security on your network, and to prevent unnecessary traffic between network segments by permitting only required traffic onto your network.

57

Asante IntraCore IC36240

User’s Manual

Page 56 Page 58
Image 57
Page 56 Page 58
Contents IntraCore IC36240 Series IntraCore IC36240 Layer 2+ Gigabit Ethernet Switch User’s ManualTable of Contents Password Service Password-Encryption Snmp Configuration Commands Trunk Ieee 802.1q Technical Support and Warranty Introduction FeaturesFront and Back Panel Descriptions Package ContentsLED LEDsConsole Interface Management and ConfigurationHardware Installation and Setup Installation OverviewSafety Overview Recommended Installation Tools Installing into an Equipment RackPower Requirements Environmental RequirementsInstalling the Optional External Power Supply SFP Mini Gbic PortsEquipment Rack Guidelines Connecting Power Connecting to the Network1 10/100/1000BaseT Ports Cabling Procedures Pin Number Pair Number & Wire Colors Gigabit Ethernet Ports Cabling ProceduresAsante IntraCore IC36240 Connecting to a Console Initial Software SetupUser Access Verification Password Connecting to a PCPasswords and Privileges Commands Privileges CommandsEnable Password Service Password-Encryption PasswordConfiguring an IP Address Login SecurityUsername Command Password and login CommandsSystem Boot Parameters Restoring Factory DefaultsSetting a Default IP Gateway Address Switchconfig# ip default-gatewayUser Top User Exec Mode Understanding the Command Line Interface CLIAccess Each Command Mode Document ConventionsCommand Show ? Purpose Privileged Top Privileged Exec ModeGlobal Configuration Mode Switch# configure Command Exit End Ctrl-Z PurposeSpanning-Tree Configuration Mode Interface Configuration ModeAdvanced Features Supported within the Command Mode Vlan Configuration ModeSpanning-tree mst configuration Example of Context Sensitive Help Command Help PurposeSwitch# configure ? Checking Command SyntaxUsing the No and Default Forms of Commands Using CLI Command HistoryUsing Command-Line Editing Features and Shortcuts Keystrokes/Command PurposeMoving Around on the Command Line Completing a Partial Command NameKeystrokes Purpose Editing Command Lines That Wrap Redisplaying the Current Command Line Deleting EntriesScrolling Down a Line or a Screen Transposing Mistyped Characters Controlling CapitalizationKeystrokes Setting the System Clock Managing the System and Configuration FilesSwitch# clock ? Switch# clock set 092930 28 January Switch# reload crTesting Connections with Ping Tests Changing the PasswordSpecifying the Hostname Enabling the System LogDisplaying the Operating Configuration Managing Configuration FilesConfiguring from the Terminal Switch# show running-configNewname# copy running-config startup-config Copying Configuration Files to a Network ServerSwitch# copy startup-config ? Switch# copy running-config Switch# copy running-config TftpSwitch# copy running-config tftp//192.168.0.1/my-config Authentication Configuring SnmpAccess Control Switch# copy tftp//192.168.123.59/my-confg running-configCreate or Modify Access Control for Snmp Community Security LevelsSupport Establish the Contact and Location of the Snmp Agent Command Purpose Snmp-server community string viewSnmp Configuration Commands Configuring Spanning TreeSpanning-tree mst? Spanning Tree ParametersRapid Spanning Tree Protocol Rstp Spanning Tree Port ConfigurationPort Priority Port Path CostSwitchconfig# spanning-tree priority priority Configuring Switch/Bridge PriorityRapid Convergence Enabling Rapid Spanning TreeConfiguring an Edge Port Configuring Link TypeConfiguring Port Path Cost Configuring Port PriorityMultiple Spanning-Tree MST Vlan Configuring VlanSwitchconfig# mac-address-table aging-time MAC Address TableShow mac-address-table Configuring IP Assign IP Addresses to SwitchClass Address or Range Status Define a Static ARP Cache Establish Address ResolutionManaging IP Multicast Traffic Configuring IgmpIgmp Overview Forwarding Unknown Multicast PacketsSwitchconfig-if-veth1#ip igmp query-interval Using Access ListsCommand Purpose Ip igmp query-max-response-time Host-query messagesUsing a Classification ACL Asante IntraCore IC36240 Create a Standard Access List Create a MAC Access List Create an Expanded Access ListSwitchconfig# mac access-list standard Access-list 101 deny ? Access-list 101 ?Access-list 101 deny tcp ? Access-list 101 deny tcp 192.168.123.0 0.0.0.255 ?Applying an Access List to an Interface Creating an Access List with a NameAccess-list ? Access-list standard ?Switchconfig# access-list 110 permit udp any any eq Configuring Common Access ListsAccess-list 101 deny ip any any Creating or Modifying a Vlan Vlan ConfigurationSwitch# show vlan Switchconfig-vlan#port-member delete ethDeleting a Vlan Static Access Vlan Port Membership ModesTrunk Ieee 802.1q Switchconfig# end Command Purpose Switchconfig# vlan dot1q tag nativeConfiguring Weighted Fair Queuing Quality of Service ConfigurationMonitoring Weighted Fair Queuing Lists Priority QueuingTraffic Shaping Configuring Traffic Shaping for an InterfaceDefining the Priority List Monitoring Priority Queuing ListsConfiguring Traffic Shaping for an Access List Configuring Rate LimitMonitoring the Traffic Shaping Configuration Generic Traffic Shaping ExampleAsante IntraCore IC36240 Main Configuration Menu Configuring the Switch Using the GUIFront Panel Information Screen Information ScreensGeneral Information Screen Assign IP Addresses to SwitchClass Address or Range Status Individual Port Configuration Screen Port Configuration MenuAsante IntraCore IC36240 Press go Spanning Tree Protocol Configuration STP Port Configuration Global STP Bridge Configuration Snmp Configuration Asante IntraCore IC36240 Address Table Screen Asante IntraCore IC36240 Asante IntraCore IC36240 Vlan Configuration Asante IntraCore IC36240 Click Apply Igmp Configuration Asante IntraCore IC36240 Asante IntraCore IC36240 Web CLI Screen System Clock Menu Save Problem Possible Solutions Appendix a Basic TroubleshootingPhysical Characteristics Appendix B SpecificationsEnvironmental Range PerformanceStandards Compliance Technical Support and WarrantyFCC Compliance Statement Important Safety Instructions Appendix C FCC Compliance and Warranty StatementsIntraCare Warranty Statement Appendix D Online Warranty Registration Index Access ListIgmp LED Safety Priority Queuing Vlan
Top Page Image Contents