Defining Access, Control Lists | 3Com 3CRDSF9PWR specification

82CHAPTER 4: MANAGING DEVICE SECURITY

Defining Access	Access Control Lists (ACLs) allow network managers to define
Control Lists	classification actions and rules for specific ingress ports. Packets entering
	an ingress port, with an active ACL are either admitted or denied entry.
	For example, an ACL rule states that port number 20 can receive TCP
	packets, however, if a UDP packet is received, the packet will be dropped.
	ACLs are composed of access control entries (ACEs) that are made of the
	filters that determine traffic classifications.

The following are examples of filters that can be defined as ACEs:

■Source Port IP Address and Wildcard Mask — Filters packets by the source port IP address and wildcard mask.

■Destination Port IP Address and Wildcard Mask — Filters packets by the destination port IP address and wildcard mask.

■Protocol — Filters packets by the IP protocol.

■DSCP — Filters packets by the DiffServ Code Point (DSCP) value.

■IP Precedence — Filters packets by the IP Precedence.

■Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped.

This section includes the following topics:

■Viewing MAC Based ACLs

■Configuring MAC Based ACLs

■Removing MAC Based ACLs

■Viewing IP Based ACLs

■Defining IP Based ACLs

■Removing IP Based ACLs

■Viewing ACL Binding

■Configuring ACL Binding

■Removing ACL Binding

Image 82

3Com 3CRDSF9PWR manual Defining Access, Access Control Lists ACLs allow network managers to define

Contents

3Com OfficeConnect Managed PoE Switch 3Com Corporation Campus Drive Marlborough Overview User GuideManaging System Information Provides information for About this Guide Documentation ConventionsRelated Lists conventions that are used throughout this guide About this Guide Contents Viewing Basic Settings Configuring Ports Configuring Igmp Snooping Managing System Files Managing Device Diagnostics -O UTS Troubleshooting Page Getting Started OfficeConnect SwitchAbout Managed Fast OfficeConnect Managed Fast Ethernet PoE Switch-front panel LED Status IndicatorsOfficeConnect Managed Fast Ethernet PoE switch provides LED Describes the meanings of the LEDs Fast Ethernet PoE switch SpecificationsSystem Installing Methods of Managing a Switch Setting Up forManagement Refer to Setting Up Web Interface Management on Refer to Setting Up Command Line Interface Management on Configure IP information manually for your switch or view Switch SetupRefer to Setting Up Snmp Management V1 or V2 on Automatically configured IP information Initial Switch Setup and Management Flow Diagram Automatic IP Configuration using Dhcp Manual IP Configuration Interface CLI Prerequisites Connecting the Workstation to the Switch Manually set the IP Address using the Console Port Console#configure Console#show ip interface Interface Setting Up WebChoosing a Browser Interface Management Setting UpCommand Line Over the Network Network Using Telnet Where xxx.xxx.xxx.xxx is the IP address of the switch Upgrading Software using Default Users Enter y and press Return. The system reboots the switch Following prompt displays Using the 3COM WEB Interface Web Interface Accessing the 3Com Web InterfaceStarting the 3Com Multi-Session Web Connections Enter Network Password Web Interface Understanding 3Com Web Interface 3Com Web Interface Home Following table lists the user interface components Interface Components View Description Click Device Summary Device View To access the Device RepresentationManagement Buttons To view configuration information Using ScreenTable Options Click Administration IP Setup. The IP Setup Page opens IP Setup Modify the fields Click . The access fields are modified System Access Modify To save the device configuration ConfigurationConfiguration to be saved to the flash memory Click . The configuration is saved Click Administration Reset. The Reset Page opens Resetting the DeviceClick . a confirmation message is displayed Password is displayed Reboot in 15 secondsClick To restore the device DefaultsRestores device factory defaults Restoring Factory To log off the device Logging OffDevice Following message appears Viewing Basic Settings To view the Device Summary Settings Device Summary Page contains the following fields Polling Interval Page contains the following fields Polling Interval Click Device Summary Color Key. The Color Key Page opens Color Key Managing Device Security Managing Device Security System Access Summary To define System Access Interface To modify System Access Click . The Users are deleted, and the device is updated To remove users To configure the Radius client Managing Device Security Defining Port-Based Authentication802.1X Click Security 802.1X Summary. The 802.1X Summary Page opens Defining Port-Based Authentication Port Settings 802.1X System SettingClick Security 802.1X Setup. The 802.1X Setup Page opens Defining Port-Based Authentication Local Database DefiningForwarded on to the originally requested web To configure Local Database Settings AuthenticationLocal Database Setup Page contains the following fields Local Database Port Detail Local Database Port Setup Page contains the following fields To display the users stored in the Local Database User Name The name of users stored in the local database Create a User To create user entries in the Local DatabaseSummary Local Database User Modify To remove a user entry from the Local Database Local Database User Remove Encrypting Connection to To configure Https settings Client and server establish a secure encrypted connection Disabled Https is disabled on the device Https//deviceportnumber Https Download Certificate Managing Device Security Switch supports both SSH Version 1.5 and 2.0 clients Click Security SSH Host Key. The SSH Host Key Page opens To view the DSA and RSA keysSSH Host Key Page contains the following fields Must use this web page to create a public host key SSH Key Generate Control Lists Defining AccessAccess Control Lists ACLs allow network managers to define Filters that determine traffic classifications MAC Based ACL Summary To configure MAC-based ACLs Click Device ACL MAC Based ACL Setup. The MAC Based ACL Add Rules to ACL Select Create ACL To define a new MAC-based ACL rule Click Device ACL MAC Based ACL Remove. The MAC Based ACL Check Remove ACL IP Based ACL Summary Defining Access Control Lists Click Device ACL IP Based ACL Setup. The IP Based ACL Setup To configure IP-based ACLsOpens Add Rules to ACL Managing Device Security To create a new IP-based ACL Click Device ACL IP Based ACL Remove. The IP Based ACL Updated ACL Binding Summary ACL Binding Setup To define ACL Binding To remove ACL Binding ACL Binding Remove Managing Device Security Storm Control SettingsTo display the storm control settings For all ports Control ConfiguringTo configure Broadcast Storm Control Define the relevant fields Using Broadcast Storm Control Managing Device Security Information Device View Viewing System Description Configuring the System Name SettingsSystem settings. The section includes the following topics Configuring System Time To configure the System Name Device To configure the System Time System Time Setup Defining System Settings Saving the Device Saved to the flash memory To reset the device configuration Managing System Information Configuring Ports Port Administration Summary 115 To configure Port Settings Port Administration Setup 117 Click Port Administration Detail. The Port Detail Page opens 119 Configuring Ports Aggregating Ports Link Aggregation Summary To create Link Aggregation Blue Displays a member of the aggregation being created Summary Deselected ports Link Aggregation Modify Page includes the following fields To modify Link AggregationBlue Displays a member of the modified aggregation Summary To remove Link Aggregation Link Aggregation Remove Page includes the following fields Lacp Summary Lacp Modify Aggregating Ports Configuring Vlans Click Device Vlan Vlan Detail. The Vlan Detail Page opens Vlan Vlan Port Detail Create VLANs Click Device Vlan Setup. The Vlan Setup Page opensVlan Setup Page contains the following fields To create VLANs To rename VLANs Click Device Vlan Rename. The Vlan Rename Page opens To edit Vlan Settings Click Device Vlan Modify VLAN. The Modify Vlan Page opens 137 To modify Port Vlan Settings Click Device Vlan Modify Port. The Modify Port Page opens To delete VLANs Click Device Vlan Remove. The Vlan Remove Page opens Configuring Vlans Address Information Addressing IP Setup Page contains the following fieldsDefining IP To define an IP interface Configuring ARP Settings ARP Settings Summary To configure ARP entries ARP Settings Setup ARP Settings Remove To remove ARP entries Configuring ARP Settings Configuring IP and MAC Address Information Table Settings To view address table settings Port Summary Configuring Igmp Snooping To configure Igmp Snooping Click Device Igmp Snooping Setup. The Igmp Snooping Vlan Settings Configuring Igmp Snooping Configuring Spanning Tree Spanning Tree Summary 157 To configure Spanning Tree Setup Spanning Tree 159 Spanning Tree Port Setup To modify Spanning Tree Recommended STA Path Cost Range Configuring Spanning Tree Configuring Snmp Snmp version Snmp version 2c Click Administration Snmp Setup. The Snmp Setup Page opens To set the operational status for Snmp Click Administration Snmp Snmp Add. The Snmp Add Page opens To define Snmp communities Snmp Trap Community StringSnmp Add Page contains the following fields Communities Remove Community StringRemoving Snmp To remove Snmp communities or traps Remove Snmp Trap Service Click Device QoS CoS Summary. The CoS Summary Page opens CoS Summary To configure CoS Settings Click Device QoS CoS Setup. The CoS Setup Page opens To configure the queue mode Click Device QoS Queue. The Queue Setup Page opens CoS to Queue Summary To configure CoS values to queues With 0 representing the lowest queue and 3 as the highest To view the Dscp to CoS mapping Dscp to CoS Summary Dscp to CoS Setup To map Dscp to CoS values Click Device QoS Trust Setup. The Trust Setup Page opens Trust Setup Page contains the following fields Ingress Rate Limit Bandwidth Summary Egress Shaping Rates Bandwidth Setup Page contains the following fields To configure Bandwidth SettingsBe applied to the egress traffic on a specified interface Egress Shaping Rate Configuring Quality of Service Voice Vlan Summary To configure Voice Vlan Settings Voice Vlan Setup Voice Vlan is defined, and the device is To configure Voice Vlan port settings Voice Vlan Port Setup Device is updated Port Definitions To view Voice Vlan Port Detail SettingsFor specific ports Configuring Voice Vlan OUI List To view Voice Vlan OUI SettingsVoice Vlan OUI Summary Page contains the following fields To modify Voice Vlan OUI Settings Voice Vlan OUI Modify Page contains the following fields Configuring Quality of Service Managing System Files Managing System Files Configuration Upload To backup System files Configuration Download To restore System files To download the software image RestoringSoftware Software Download Managing System Files Ethernet Devices Device Power Display Port PoE Summary Page displays the following information Port Power Display To configure Port PoE Settings Click Port PoE Setup. The Port PoE Setup Page opens 203 Managing Power Over Ethernet Devices Managing System Logs System Log Severity Levels To view Logging Logging Display Logging Setup Page contains the following fields To define Log Parameters Managing System Logs Viewing Statistics To view port statistics Port Statistics Summary Port Statistics Summary Page Field Description Port Statistics Summary Page Field Description 213 Port Statistics Summary Page Field Description Managing Device Diagnostics Port mirroring is not supported for trunk ports To enable port mirroring Port Mirroring Setup Managing Device Diagnostics To remove port mirroring Port Mirroring Remove To view cables diagnostics Cable Diagnostics Summary Configuring Cable Diagnostics Diagnostics To test cables Pinging Another Using the command line interface to ping another deviceRequest packets to another node on the network Press Esc to stop pinging 3Com Network Supervisor Access Manager Director Manager HP OpenViewNetwork Node Application such as 3Com Enterprise Management Suite EMS Appendix a 3COM Network Management Environmental Physical Feature Description Electrical Switch Features Interface with Crossover Mdix SSL Appendix B Device Specifications and Features PC-AT Serial Cable Null Modem Cable RJ-45 to RS-232 25-pin Ethernet Port RJ-45 Pin Assignments 10/100 and 1000BASE-T RJ-45 connections Ethernet Port RJ-45 Pin Assignments Appendix C PIN-OUTS Troubleshooting ProblemSolutions No connection and the port LED is off Lost Password Problems Possible Cause Solution Problems Possible Cause Solution Appendix D Troubleshooting Boot Protocol Access Control ListAddress Resolution Service Dscp Appendix E Glossary Igmp Snooping Ieee 802.3uIeee Igmp Query Port Authentication See Ieee Link Aggregation See Port Trunk Protocol Rstp RemoteRemote Monitoring Secure Shell SSH Though located on the same LAN Byte blocks and error-correctedXModem Product to Gain Service BenefitsRegister Your TTroubleshoot Access Software WarrantyServices Purchase Extended Next section Must apply for a user name and passwordContact Us Directory of 3Com resources by region at 00800 4411 Contact Us Appendix F Obtaining Support for Your 3COM Products Regulatory Notices