Asante Technologies IC36240 user manual Creating an Access List with a Name, Access-list ?

Page 63

6.4.4 Creating an Access List with a Name

From the global configuration mode, you can also create access lists. Using the Switch(config)#ip command you can name your access list, rather than using a number. The new prompt reflects the named access list mode.

Switch(config)# ip ?

access-list		Named access-list
forward-protocol		Controls forwarding of physical and directed IP
prefix-list		Build a prefix list
route		Establish static routes
Switch(config)# ip		access-list ?
standard	Standard Access List
extended	Extended Access List
Switch(config)# ip		access-list standard ?

WORD	Access-list name or Standard IP access-list number <1-99>
Switch(config)# ip access-list standard test
Switch(config-std-nacl)# ?
deny	Specify packets to reject
end	End current mode and change to enable mode
exit	Exit current mode and down to previous mode
help	Description of the interactive help system
no	Negate a command or set its defaults
permit	Specify packets to forward
quit	Exit current mode and down to previous mode
remark	Access list entry comment
show	Show running system information
write	Write running configuration to memory, network, or terminal

Switch(config-std-nacl)#

At the Switch(config-std-nacl)#prompt, you configure the access list permit or deny statements.

6.4.5 Applying an Access List to an Interface

After creating your access lists, you must apply them to an interface in order to enable the access list. Enter the interface configuration mode for the desired interface. Each interface may have only one access list applied to it at one time. Apply the access lists to either inbound traffic or to outbound traffic.

The following example shows creating an extended access list that only allows SMTP traffic (port 25) to be sent out, and denies all other traffic.

Switch(config)# access-list 101 permit tcp 192.168.123.0 0.0.0.255 any eq 25 Switch(config)# access-list 101 deny any

Switch(config)# interface eth1 Switch(config-if-eth1)# ip ?

access-group Apply an access-group entry Switch(config-if-eth1)# ip access-group ?

WORD access-list number or name Switch(config-if-eth1)# ip access-group 101 ?

in inbound direction out outbound direction

Switch(config-if-eth1)# ip access-group 101 out Switch(config-if-eth1)# exit

63

Asante IntraCore IC36240

User’s Manual

Image 63

Contents IntraCore IC36240 Series IntraCore IC36240 Layer 2+ Gigabit Ethernet Switch User’s ManualTable of Contents Password Service Password-Encryption Snmp Configuration Commands Trunk Ieee 802.1q Technical Support and Warranty Introduction FeaturesFront and Back Panel Descriptions Package ContentsLED LEDsConsole Interface Management and ConfigurationHardware Installation and Setup Installation OverviewSafety Overview Environmental Requirements Installing into an Equipment RackRecommended Installation Tools Power RequirementsInstalling the Optional External Power Supply SFP Mini Gbic PortsEquipment Rack Guidelines Connecting Power Connecting to the Network1 10/100/1000BaseT Ports Cabling Procedures Pin Number Pair Number & Wire Colors Gigabit Ethernet Ports Cabling ProceduresAsante IntraCore IC36240 Connecting to a Console Initial Software SetupUser Access Verification Password Connecting to a PCPasswords and Privileges Commands Privileges CommandsEnable Password Service Password-Encryption PasswordPassword and login Commands Login SecurityConfiguring an IP Address Username CommandSwitchconfig# ip default-gateway Restoring Factory DefaultsSystem Boot Parameters Setting a Default IP Gateway AddressDocument Conventions Understanding the Command Line Interface CLIUser Top User Exec Mode Access Each Command ModeCommand Show ? Purpose Privileged Top Privileged Exec ModeGlobal Configuration Mode Switch# configure Command Exit End Ctrl-Z PurposeSpanning-Tree Configuration Mode Interface Configuration ModeAdvanced Features Supported within the Command Mode Vlan Configuration ModeSpanning-tree mst configuration Example of Context Sensitive Help Command Help PurposeSwitch# configure ? Checking Command SyntaxKeystrokes/Command Purpose Using CLI Command HistoryUsing the No and Default Forms of Commands Using Command-Line Editing Features and ShortcutsMoving Around on the Command Line Completing a Partial Command NameKeystrokes Purpose Editing Command Lines That Wrap Redisplaying the Current Command Line Deleting EntriesScrolling Down a Line or a Screen Transposing Mistyped Characters Controlling CapitalizationKeystrokes Switch# clock set 092930 28 January Switch# reload cr Managing the System and Configuration FilesSetting the System Clock Switch# clock ?Enabling the System Log Changing the PasswordTesting Connections with Ping Tests Specifying the HostnameSwitch# show running-config Managing Configuration FilesDisplaying the Operating Configuration Configuring from the TerminalNewname# copy running-config startup-config Copying Configuration Files to a Network ServerSwitch# copy startup-config ? Switch# copy running-config Switch# copy running-config TftpSwitch# copy running-config tftp//192.168.0.1/my-config Switch# copy tftp//192.168.123.59/my-confg running-config Configuring SnmpAuthentication Access ControlCreate or Modify Access Control for Snmp Community Security LevelsSupport Establish the Contact and Location of the Snmp Agent Command Purpose Snmp-server community string viewSnmp Configuration Commands Configuring Spanning TreeSpanning-tree mst? Spanning Tree ParametersPort Path Cost Spanning Tree Port ConfigurationRapid Spanning Tree Protocol Rstp Port PriorityEnabling Rapid Spanning Tree Configuring Switch/Bridge PrioritySwitchconfig# spanning-tree priority priority Rapid ConvergenceConfiguring Port Priority Configuring Link TypeConfiguring an Edge Port Configuring Port Path CostMultiple Spanning-Tree MST Vlan Configuring VlanSwitchconfig# mac-address-table aging-time MAC Address TableShow mac-address-table Configuring IP Assign IP Addresses to SwitchClass Address or Range Status Define a Static ARP Cache Establish Address ResolutionForwarding Unknown Multicast Packets Configuring IgmpManaging IP Multicast Traffic Igmp OverviewHost-query messages Using Access ListsSwitchconfig-if-veth1#ip igmp query-interval Command Purpose Ip igmp query-max-response-timeUsing a Classification ACL Asante IntraCore IC36240 Create a Standard Access List Create a MAC Access List Create an Expanded Access ListSwitchconfig# mac access-list standard Access-list 101 deny tcp 192.168.123.0 0.0.0.255 ? Access-list 101 ?Access-list 101 deny ? Access-list 101 deny tcp ?Access-list standard ? Creating an Access List with a NameApplying an Access List to an Interface Access-list ?Switchconfig# access-list 110 permit udp any any eq Configuring Common Access ListsAccess-list 101 deny ip any any Creating or Modifying a Vlan Vlan ConfigurationSwitch# show vlan Switchconfig-vlan#port-member delete ethDeleting a Vlan Static Access Vlan Port Membership ModesTrunk Ieee 802.1q Switchconfig# end Command Purpose Switchconfig# vlan dot1q tag nativePriority Queuing Quality of Service ConfigurationConfiguring Weighted Fair Queuing Monitoring Weighted Fair Queuing ListsMonitoring Priority Queuing Lists Configuring Traffic Shaping for an InterfaceTraffic Shaping Defining the Priority ListGeneric Traffic Shaping Example Configuring Rate LimitConfiguring Traffic Shaping for an Access List Monitoring the Traffic Shaping ConfigurationAsante IntraCore IC36240 Main Configuration Menu Configuring the Switch Using the GUIFront Panel Information Screen Information ScreensGeneral Information Screen Assign IP Addresses to SwitchClass Address or Range Status Individual Port Configuration Screen Port Configuration MenuAsante IntraCore IC36240 Press go Spanning Tree Protocol Configuration STP Port Configuration Global STP Bridge Configuration Snmp Configuration Asante IntraCore IC36240 Address Table Screen Asante IntraCore IC36240 Asante IntraCore IC36240 Vlan Configuration Asante IntraCore IC36240 Click Apply Igmp Configuration Asante IntraCore IC36240 Asante IntraCore IC36240 Web CLI Screen System Clock Menu Save Problem Possible Solutions Appendix a Basic TroubleshootingPerformance Appendix B SpecificationsPhysical Characteristics Environmental RangeStandards Compliance Technical Support and WarrantyFCC Compliance Statement Important Safety Instructions Appendix C FCC Compliance and Warranty StatementsIntraCare Warranty Statement Appendix D Online Warranty Registration Index Access ListIgmp LED Safety Priority Queuing Vlan