Asante Technologies IC36240 user manual Create a MAC Access List, Create an Expanded Access List

Page 61

6.4.2 Create a MAC Access List

The IntraCore IC36240 has a 16K Mac address. The parameters for a MAC access list are described below:

MAC access-list standard (700-799): Identifies the access list to which an entry belongs. There is no limit to how many entries make up a MAC access list, other than available memory.

MAC access list extended (1100–1199): Identifies the access list to which an entry belongs.

The following is sample output from the mac access-list command.

Switch(config)# mac access-list standard 700

Switch(config)# permit

6.4.3 Create an Expanded Access List

Extended access lists filter at Layer 4, and can check source and destination addresses as well as filter transport layer information, such as TCP and UDP protocols. In addition to the standard access list parameters listed above, an extended access list also uses the following information:

Access list number (1300–1999): Identifies the access list to which an entry belongs

IP/ICMP/TCP/UDP: Specifies protocol connection

Destination address: Specifies the destination address to match

Operator operand: Select eq (equal to), gt (greater than), lt (less than), or neq (not equal to) to specify how to match the protocol port number

0-65535: Specifies the protocol port number. Well-known ports are listed below:

20File Transfer Protocol (FTP) data

21FTP Program

23 Telnet

25Simple Mail Transfer Protocol (SMTP)

69Trivial File Transfer Protocol (TFTP)

53Domain Name System (DNS)

80Hypertext Transport Protocol (HTTP)

110Post Office Protocol (POP3)

119Network News Transport Protocol (NNTP)

61

Asante IntraCore IC36240

User’s Manual

Page 60 Page 62
Image 61
Page 60 Page 62
Contents IntraCore IC36240 Series IntraCore IC36240 Layer 2+ Gigabit Ethernet Switch User’s ManualTable of Contents Password Service Password-Encryption Snmp Configuration Commands Trunk Ieee 802.1q Technical Support and Warranty Introduction FeaturesFront and Back Panel Descriptions Package ContentsLED LEDsConsole Interface Management and ConfigurationInstallation Overview Hardware Installation and SetupSafety Overview Recommended Installation Tools Installing into an Equipment RackPower Requirements Environmental RequirementsSFP Mini Gbic Ports Installing the Optional External Power SupplyEquipment Rack Guidelines Connecting to the Network Connecting Power1 10/100/1000BaseT Ports Cabling Procedures Pin Number Pair Number & Wire Colors Gigabit Ethernet Ports Cabling ProceduresAsante IntraCore IC36240 Connecting to a Console Initial Software SetupUser Access Verification Password Connecting to a PCPrivileges Commands Passwords and Privileges CommandsEnable Password Service Password-Encryption PasswordConfiguring an IP Address Login SecurityUsername Command Password and login CommandsSystem Boot Parameters Restoring Factory DefaultsSetting a Default IP Gateway Address Switchconfig# ip default-gatewayUser Top User Exec Mode Understanding the Command Line Interface CLIAccess Each Command Mode Document ConventionsCommand Show ? Purpose Privileged Top Privileged Exec ModeGlobal Configuration Mode Switch# configure Command Exit End Ctrl-Z PurposeSpanning-Tree Configuration Mode Interface Configuration ModeVlan Configuration Mode Advanced Features Supported within the Command ModeSpanning-tree mst configuration Example of Context Sensitive Help Command Help PurposeSwitch# configure ? Checking Command SyntaxUsing the No and Default Forms of Commands Using CLI Command HistoryUsing Command-Line Editing Features and Shortcuts Keystrokes/Command PurposeCompleting a Partial Command Name Moving Around on the Command LineKeystrokes Purpose Editing Command Lines That Wrap Deleting Entries Redisplaying the Current Command LineScrolling Down a Line or a Screen Controlling Capitalization Transposing Mistyped CharactersKeystrokes Setting the System Clock Managing the System and Configuration FilesSwitch# clock ? Switch# clock set 092930 28 January Switch# reload crTesting Connections with Ping Tests Changing the PasswordSpecifying the Hostname Enabling the System LogDisplaying the Operating Configuration Managing Configuration FilesConfiguring from the Terminal Switch# show running-configNewname# copy running-config startup-config Copying Configuration Files to a Network ServerSwitch# copy startup-config ? Switch# copy running-config Tftp Switch# copy running-configSwitch# copy running-config tftp//192.168.0.1/my-config Authentication Configuring SnmpAccess Control Switch# copy tftp//192.168.123.59/my-confg running-configSecurity Levels Create or Modify Access Control for Snmp CommunitySupport Establish the Contact and Location of the Snmp Agent Command Purpose Snmp-server community string viewSnmp Configuration Commands Configuring Spanning TreeSpanning-tree mst? Spanning Tree ParametersRapid Spanning Tree Protocol Rstp Spanning Tree Port ConfigurationPort Priority Port Path CostSwitchconfig# spanning-tree priority priority Configuring Switch/Bridge PriorityRapid Convergence Enabling Rapid Spanning TreeConfiguring an Edge Port Configuring Link TypeConfiguring Port Path Cost Configuring Port PriorityMultiple Spanning-Tree MST Vlan Configuring VlanMAC Address Table Switchconfig# mac-address-table aging-timeShow mac-address-table Assign IP Addresses to Switch Configuring IPClass Address or Range Status Define a Static ARP Cache Establish Address ResolutionManaging IP Multicast Traffic Configuring IgmpIgmp Overview Forwarding Unknown Multicast PacketsSwitchconfig-if-veth1#ip igmp query-interval Using Access ListsCommand Purpose Ip igmp query-max-response-time Host-query messagesUsing a Classification ACL Asante IntraCore IC36240 Create a Standard Access List Create an Expanded Access List Create a MAC Access ListSwitchconfig# mac access-list standard Access-list 101 deny ? Access-list 101 ?Access-list 101 deny tcp ? Access-list 101 deny tcp 192.168.123.0 0.0.0.255 ?Applying an Access List to an Interface Creating an Access List with a NameAccess-list ? Access-list standard ?Switchconfig# access-list 110 permit udp any any eq Configuring Common Access ListsAccess-list 101 deny ip any any Creating or Modifying a Vlan Vlan ConfigurationSwitchconfig-vlan#port-member delete eth Switch# show vlanDeleting a Vlan Vlan Port Membership Modes Static AccessTrunk Ieee 802.1q Switchconfig# end Command Purpose Switchconfig# vlan dot1q tag nativeConfiguring Weighted Fair Queuing Quality of Service ConfigurationMonitoring Weighted Fair Queuing Lists Priority QueuingTraffic Shaping Configuring Traffic Shaping for an InterfaceDefining the Priority List Monitoring Priority Queuing ListsConfiguring Traffic Shaping for an Access List Configuring Rate LimitMonitoring the Traffic Shaping Configuration Generic Traffic Shaping ExampleAsante IntraCore IC36240 Main Configuration Menu Configuring the Switch Using the GUIFront Panel Information Screen Information ScreensGeneral Information Screen Assign IP Addresses to SwitchClass Address or Range Status Individual Port Configuration Screen Port Configuration MenuAsante IntraCore IC36240 Press go Spanning Tree Protocol Configuration STP Port Configuration Global STP Bridge Configuration Snmp Configuration Asante IntraCore IC36240 Address Table Screen Asante IntraCore IC36240 Asante IntraCore IC36240 Vlan Configuration Asante IntraCore IC36240 Click Apply Igmp Configuration Asante IntraCore IC36240 Asante IntraCore IC36240 Web CLI Screen System Clock Menu Save Problem Possible Solutions Appendix a Basic TroubleshootingPhysical Characteristics Appendix B SpecificationsEnvironmental Range PerformanceStandards Compliance Technical Support and WarrantyFCC Compliance Statement Important Safety Instructions Appendix C FCC Compliance and Warranty StatementsIntraCare Warranty Statement Appendix D Online Warranty Registration Index Access ListIgmp LED Safety Priority Queuing Vlan
Top Page Image Contents