Asante Technologies IC36240 user manual Create a Standard Access List

6.4.1 Create a Standard Access List

Standard access lists filter at Layer 3, and can allow or block access to networks and host addresses. The parameters for a standard access list are described below:

Access list number (1–99): Identifies the access list to which an entry belongs. There is no limit to how many entries make up an access list, other than available memory

Remark: Access list entry comment. This may be useful to keep track of numbered lists

Permit/deny: Indicates whether this entry allows or blocks traffic from the specified source address

Source address: Enter the source IP address to match

Any: Specifies any source address to match

Source wildcard mask: Identifies which bits in the address field are to be matched. A “0” indicates that the bit position must match; a “1” indicates that the position is ignored

In the following example, a standard access list is created to allow all traffic from the 192.168.0.0 networks, while blocking all non-192.168.0.0 traffic. The last entry is redundant, since the switch will deny access if there is no match found by the end of the list.

Switch# configure
Switch(config)# access-list 1 ?
  deny     Specify packets to reject
  permit   Specify packets to forward
  remark   Access list entry comment
Switch(config)# access-list 1 permit ?
  A.B.C.D  Source address to match. e.g. 10.0.0.0
  any      Any source address to match
Switch(config)# access-list 1 permit 192.168.0.0 ?
  A.B.C.D  Source wildcard. e.g. 0.0.0.255
  <cr>
Switch(config)# access-list 1 permit 192.168.0.0 0.0.255.255
Switch(config)# access-list 1 deny any

In the next example, a standard access list is created to deny all traffic from 192.168.123.254 and allow all other traffic to be forwarded. Note that the last entry of this example is not redundant, because it is a permit statement. An implicit deny statement would follow the last entry if no match was found before the end of the list. In this case, however, you are permitting every IP address other than 192.168.123.254, and a deny statement is not necessary.

Switch(config)# access-list 1 deny 192.168.123.254 ?
  A.B.C.D  Source wildcard. e.g. 0.0.0.255
  <cr>
Switch(config)# access-list 1 deny 192.168.123.254
Switch(config)# access-list 1 permit any
Switch(config)# exit
Switch# show access-list

After entering the access list, use the show command from privileged mode, as shown above. Any lists you have created, as well as any remark entered for a list, will be displayed.

Note: In the above examples, the argument any can be used instead of 0.0.0.0 255.255.255.255.
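The following Python sketch is an added example, not part of the manual or the switch software. It evaluates the two access lists above against sample source addresses, using the wildcard-mask rule and the implicit deny described in this section. The function names are hypothetical, and an entry without a wildcard is assumed to match that single host, as in the second example.

```python
import ipaddress

def ip_to_int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse 'permit|deny any' or 'permit|deny A.B.C.D [wildcard]'."""
    parts = line.split()
    action = parts[0]
    if action not in ("permit", "deny") or len(parts) < 2:
        raise ValueError("unsupported entry: " + line)
    if parts[1] == "any":
        # 'any' stands for 0.0.0.0 255.255.255.255 (every bit ignored)
        return action, 0, 0xFFFFFFFF
    addr = ip_to_int(parts[1])
    # Assumption: no wildcard given means an exact host match (0.0.0.0)
    wildcard = ip_to_int(parts[2]) if len(parts) > 2 else 0
    return action, addr, wildcard

def matches(src, addr, wildcard):
    """Wildcard bit 0 = position must match, bit 1 = position is ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (src & care) == (addr & care)

def evaluate(acl_lines, source):
    """Return (action, entry_number); entry_number is None on implicit deny."""
    src = ip_to_int(source)
    for number, line in enumerate(acl_lines, 1):
        action, addr, wildcard = parse_entry(line)
        if matches(src, addr, wildcard):
            return action, number   # first matching entry decides
    return "deny", None             # no match by the end of the list

# Entries taken from the two examples in this section
LIST_A = ["permit 192.168.0.0 0.0.255.255", "deny any"]
LIST_B = ["deny 192.168.123.254", "permit any"]

if __name__ == "__main__":
    # Constructed sample source addresses
    for acl in (LIST_A, LIST_A[:1], LIST_B, LIST_B[:1]):
        for src in ("192.168.55.10", "192.168.123.254", "10.1.2.3"):
            print(acl, src, evaluate(acl, src))
```

Dropping the final entry of the first list leaves every result unchanged, while dropping the final entry of the second list turns every address into a deny.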
