IP ACLs, Access-list ip | Accton Technology ES3552XA, ES3526XA


	Access Control List Commands			4
	Table 4-34 Access Control Lists

Command Groups	Function		Page

IP ACLs	Configures ACLs based on IP addresses, TCP/UDP port number,		4-103
	protocol type, and TCP control code
MAC ACLs	Configures ACLs based on hardware addresses, packet format, and		4-110
	Ethernet type
ACL Information	Displays ACLs and associated rules; shows ACLs assigned to each port		4-115

IP ACLs
	Table 4-35 IP ACLs

Command	Function	Mode	Page

access-list ip	Creates an IP ACL and enters configuration mode	GC	4-103

permit, deny	Filters packets matching a specified source IP address	STD-ACL	4-104

permit, deny	Filters packets meeting the specified criteria, including	EXT-ACL	4-105
	source and destination IP address, TCP/UDP port number,
	protocol type, and TCP control code
show ip access-list	Displays the rules for configured IP ACLs	PE	4-107

ip access-group	Adds a port to an IP ACL	IC	4-107

show ip access-group	Shows port assignments for IP ACLs	PE	4-107

map access-list ip	Sets the CoS value and corresponding output queue for	IC	4-108
	packets matching an ACL rule
show map access-list ip	Shows CoS value mapped to an access list for an interface	PE	4-109

access-list ip

This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL.

Syntax

[no] access-list ip {standard extended} acl_name

•standard – Specifies an ACL that filters packets based on the source IP address.

•extended – Specifies an ACL that filters packets based on the source or destination IP address, and other more specific criteria.

•acl_name – Name of the ACL. (Maximum length: 16 characters)

Default Setting

None

Command Mode

Global Configuration

4-103

Page 345

Image 345

Accton Technology ES3552XA, ES3526XA manual IP ACLs, Access-list ip, Access Control Lists Command Groups Function

Contents

Powered by Accton Page Fast Ethernet Switch ES3526XA ES3552XA F2.2.6.3 E122006-CS-R02 149100005500H Contents Page Iii Page Command Line Interface Page Vii Viii Contents Page Contents Xii Appendix B Troubleshooting Appendix a Software SpecificationsGlossary Index Xiii Xiv Tables Xvi Xvii Xviii Xix Figures Figures Xxi Xxii Key Features Key FeaturesFeature Description Supports standard STP and Rapid Spanning Tree Protocol Rstp Description of Software Features Description of Software Features Introduction System Defaults System DefaultsFunction Parameter Default Password super Client Enabled System Defaults Function Parameter Clock Synchronization Disabled Introduction Configuration Options Connecting to the Switch Required Connections Initial Configuration Basic Configuration Remote ConnectionsConsole Connection Setting Passwords Setting an IP AddressManual Configuration Dynamic Configuration Community Strings for Snmp version 1 and 2c clients Enabling Snmp Management Access Trap Receivers 118120 Configuring Access for Snmp Version 3 Clients Saving Configuration Settings125 126 Managing System Files Initial Configuration Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Panel Display Configuration Options Main Menu ConfigurationMain Menu Menu Description System System Information ACL Menu Description Current Table 139143 148 155 Class-of-service value IP Dscp Priority164 Dscp Priority Status Both IP Precedence Priority Query Igmp Filter Configuration Menu Description Igmp Snooping 170 Igmp ConfigurationConfiguration Settings Igmp Filter/Throttling Trunk Configuration Settings Main Menu Field Attributes Displaying System Information Main Board Displaying Switch Hardware/Software VersionsManagement Software Expansion Slot Displaying Switch Information Displaying Bridge Extension Capabilities Bridge Extension Configuration CLI Enter the following command Setting the Switch’s IP AddressCommand Attributes 195 131 244245 246 Using DHCP/BOOTP Dhcp Relay and Option 82 Information Command Usage 242 241 Managing Firmware Operation Code Image File Transfer Downloading System Software from a Server 11 Deleting Files Saving or Restoring Configuration Settings 12 Copy Configuration Settings Downloading Configuration Settings from a Server Console Port Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet System Log Configuration Configuring Event Logging Level Severity Name Description Logging Levels 17 Remote Logs Remote Log Configuration CLI This example shows the event message stored in RAM Displaying Log Messages Sending Simple Mail Transfer Protocol Alerts 19 Enabling and Configuring Smtp Alerts 20 Resetting the System Resetting the System Configuring Sntp Setting the System Clock Configuring NTP 22 NTP Client Configuration Simple Network Management Protocol Setting the Time Zone SNMPv3 Security Models and Levels Level Group Read View Write View Notify View SecurityUser defined CLI The following example enables Snmp on the switch Setting Community Access StringsEnabling the Snmp Agent 117 Specifying Trap Managers and Trap Types 25 Configuring Snmp Community Strings Configuring the Switch 122 Configuring SNMPv3 Management Access Specifying a Remote Engine ID Setting a Local Engine IDCLI This example sets an SNMPv3 engine ID 123 CLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 Users 29 Configuring SNMPv3 Users 130 Configuring Remote SNMPv3 Users 30 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages This trap is sent when the fan fails Private Traps SwPowerStatusSwFanRecoverTrap This trap is sent when the fan failure has 127 31 Configuring SNMPv3 Groups 32 Configuring SNMPv3 Views Setting SNMPv3 Views Configuring User Accounts User Authentication 33 Access Levels Configuring Local/Remote Logon Authentication Tacacs Settings Radius Settings 34 Authentication Settings Https System Support Configuring Https Address server ip-address Replacing the Default Secure-site Certificate Configuring the Secure Shell Configuring the Switch Generating the Host Key Pair 36 SSH Host-Key Settings SSH server includes basic settings for authentication Configuring the SSH Server Configuring Port Security 38 Configuring Port Security Configuring 802.1X Port Authentication 802.1X protocol provides client authentication Displaying 802.1X Global SettingsCLI This example shows the default global setting for Web Click Security, 802.1X, Information Configuring 802.1X Global Settings Configuring Port Settings forCLI This example enables 802.1X globally for the switch Authorized 41 802.1X Port Configuration Consoleconfig#interface ethernet 1/2 802.1X Statistics Displaying 802.1X Statistics CLI This example displays the 802.1X statistics for port MAC Address Authentication Configuring the MAC Authentication Reauthentication Time Web Click Security, Network Access, Configuration Configuring MAC Authentication for Ports Web Click Security, Network Access, Port Configuration CLI This example configures MAC authentication for portDisplaying Secure MAC Address Information 45 Network Access MAC Address Information 100 Configuring MAC Address Filters Filtering Addresses for Management Access 47 Creating a Web IP Filter List CLI This example allows Snmp access for a specific client Configuring Access Control Lists Access Control Lists Setting the ACL Name and Type CLI This example creates a standard IP ACL named david103 104 Configuring a Standard IP ACL Configuring an Extended IP ACL 105 50 ACL Configuration Extended IP 111 Configuring a MAC ACL 52 Binding a Port to an ACL Binding a Port to an Access Control List Displaying Connection Status Port ConfigurationField Attributes Web 107 Configuration Web Click Port, Port Information or Trunk InformationBasic Information Configuring Interface Connections Current Status138 54 Port/Trunk Configuration Creating Trunk Groups 136135 55 Configuring Port Trunks Statically Configuring a Trunk 147 Enabling Lacp on Selected Ports 148 56 Lacp Configuration Dynamically Creating a Port Channel Configuring Lacp Parameters 57 Lacp Aggregation Port Displaying Lacp Port Counters You can display statistics for Lacp protocol messagesLacp Port Counters LACPDUs Illegal Pkts Protocols Ethernet Type Displaying Lacp Settings and Status for the Local Side Lacp Internal Configuration InformationField Description 59 Lacp Port Internal Information 10 Lacp Neighbor Configuration Information Displaying Lacp Settings and Status for the Remote Side Console#show lacp 1 neighbors 61 Port Broadcast Control Setting Broadcast Storm Thresholds Configuring Port Mirroring 137140 Configuring Rate Limits Rate Limit Granularity142 145 Rate Limit Configuration 144 Showing Port Statistics Errors Transmit ErrorsFCS Errors Protocol 11 Port Statistics Parameter DescriptionRmon Statistics Fragments Or alignment error 65 Port Statistics Setting Static Addresses Address Table SettingsCLI This example shows statistics for port 139 157 Displaying the Address Table 158 67 Dynamic Addresses Changing the Aging Time Spanning Tree Algorithm ConfigurationCLI This example sets the aging time to 300 seconds 159 Designated Root Port Bridge For this Region Displaying Global Settings 120 69 STA Information Mstp 176 Configuring Global Settings Global settings apply to the entire switchBasic Configuration of Global Settings Configuration Settings for Rstp Root Device Configuration Configuration Settings for Mstp 70 STA Global Configuration Displaying Interface Settings AD B 71 STA Port Information CLI This example shows the STA attributes for port Configuring Interface Settings 131 CLI This example sets STA attributes for port Configuring Multiple Spanning Trees 133 178 73 Mstp Vlan Configuration 167 74 Mstp Port Information Displaying Interface Settings for Mstp Configuring Interface Settings for Mstp CLI This example sets the Mstp attributes for port 175174 Vlan Configuration Ieee 802.1Q VLANsAssigning Ports to VLANs VA Vlan Aware VU Vlan Unaware Forwarding Tagged/Untagged Frames CLI This example enables Gvrp for the switch Enabling or Disabling Gvrp Global SettingDisplaying Basic Vlan Information 194 Displaying Current VLANs Command Attributes Web 78 Vlan Current Table Command Attributes CLI 187 Creating VLANs CLI This example creates a new Vlan 179180 Adding Static Members to VLANs Vlan Index 185 Adding Static Members to VLANs Port Index 81 Vlan Static Membership by Port Configuring Vlan Behavior for Interfaces 82 Vlan Port Configuration 182 Private VLANs183 184 153 Displaying Current Private VLANs Configuring Private VLANs Associating VLANs189 190 Displaying Private Vlan Interface Information 193 Configuring Private Vlan Interfaces 191 87 Private Vlan Port Configuration Class of Service Configuration Layer 2 Queue SettingsSetting the Default Priority for Interfaces CLI This example assigns a default priority of 5 to port 88 Port Priority Configuration Mapping CoS Values to Egress Queues 12 Egress Queue Priority Mapping13 CoS Priority Levels 203 201 90 Queue Mode Selecting the Queue Mode Setting the Service Weight for Traffic Classes 200202 Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority SettingsSelecting IP Precedence/DSCP Priority 204 14 Mapping IP Precedence Mapping IP Precedence 15 Mapping Dscp Priority Values Mapping Dscp Priority206 209 210 207 95 IP Port Priority Status Mapping IP Port Priority Mapping CoS Values to ACLs 16 Egress Queue Priority Mapping205 108 Multicast Filtering Layer 2 Igmp Snooping and Query Configuring Igmp Snooping and Query Parameters 98 Igmp Configuration Enabling Igmp Immediate Leave 100 Displaying Multicast Router Port Information Displaying Interfaces Attached to a Multicast Router Specifying Static Interfaces for a Multicast Router 220219 215 Displaying Port Members of Multicast Services 103 Igmp Member Port Table Assigning Ports to Multicast Services Enabling Igmp Filtering and Throttling Igmp Filtering and Throttling 104 Enabling Igmp Filtering and Throttling Configuring Igmp Filter Profiles 105 Igmp Profile Configuration Configuring Igmp Filtering and Throttling for Interfaces 106 Igmp Filter and Throttling Port Configuration Multicast Vlan Registration General Configuration Guidelines for MVR 107 MVR Global Configuration Configuring Global MVR Settings 108 MVR Port Information Displaying MVR Interface Status 109 MVR Group IP Information Displaying Port Members of Multicast Groups MVR Vlan Configuring MVR Interface Status Assigning Static Multicast Groups to Interfaces Web Click MVR, Port or Trunk Configuration Configuring General DNS Service Parameters Configuring Domain Name Service 190 235 234236 237 113 DNS Static Host Table Configuring Static DNS Host to Address Entries Displaying the DNS Cache 233238 Cluster Configuration Switch Clustering Adds Candidate switches to the cluster as Members Cluster Member Configuration249 250 Web Click Cluster, Member Configuration Displays current cluster Member switch informationCluster Member Information 253 Cluster Candidate Information Configuring the Switch 198 Using the Command Line Interface Accessing the CLITelnet Connection Command Line Interface Command Completion Entering CommandsGetting Help on Commands Keywords and Arguments CLIMSGPRIVILEGEEXECCMDW2SHOWMVR Showing Commands Using Command History Negating the Effect of CommandsUnderstanding Command Modes Partial Keyword Lookup Command Modes Exec Commands Configuration Modes Command Prompt Configuration CommandsConsoleconfig-if# 131 Spanning-tree mst-configuration Consoleconfig-mstp# 160 Command Line Processing Command Line ProcessingKeystroke Function Command Groups Description Command Groups Command Line Interface Line Line Commands Related Commands LoginSyntax Login local no login Example Username 4-27 password PasswordSyntax Password 0 7 password no password No password is specified Timeout login response Exec-timeoutSyntax Exec-timeout seconds no exec-timeout Silent-time4-16 Timeout login response Password-threshSyntax Password-thresh threshold no password-thresh Default value is three attempts Databits Silent-timeSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databits Syntax Parity none even odd no parity Parity Stopbits SpeedSyntax Speed bps no speed Syntax Stopbits 1 Show line DisconnectSyntax Disconnect session-id Syntax Show line console vty Enable General CommandsTo show all lines, enter this command General Commands Function Mode Disable Enable password DisableEnable Level Show history Configure End Reload This example shows how to quit a CLI session This command exits the configuration programExit Quit System Management Commands Device Designation CommandsPrompt User Access Commands Function Mode User Access CommandsHostname Syntax Hostname name no hostname 10 Default Login Settings Username Access-level Password Guest AdminUsername Enable password Default is level Default password is superEnable 4-20 authentication enable 11 IP Filter Commands Function Mode IP Filter CommandsManagement Management Show management Web Server Commands Ip http portIp http server Ip http secure-server Syntax No ip http secure-server Default SettingIp http port 13 Https System Support Web Browser Operating System Ip http secure-port4-33 Copy tftp https-certificate Ip http secure-portPortnumber The UDP port used for HTTPS/SSL. Range Ip http secure-server4-32 Telnet Server Commands Ip telnet portIp telnet server 15 SSH Commands Function Mode Secure Shell CommandsIp telnet port Sets the SSH server key size Copy tftp public-key Command Line Interface Syntax No ip ssh server Default Setting Ip ssh serverIp ssh crypto host-key generate 4-40 show ssh Ip ssh authentication-retries Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Exec-timeout4-14 show ip ssh Ip ssh server-key size Delete public-keySyntax Delete public-key username dsa rsa Ip ssh crypto zeroize Ip ssh crypto host-key generateSyntax Ip ssh crypto host-key generate dsa rsa Syntax Ip ssh crypto zeroize dsa rsa Ip ssh save host-key Show ip sshSyntax Ip ssh save host-key dsa rsa Show ssh 16 show ssh display descriptionTerminology Syntax Show public-key user username host Show public-keyUsername Name of an SSH user. Range 1-8 characters Shows all public keys 17 Event Logging Commands Function Mode Event Logging CommandsSyntax No logging on Default Setting Logging on Flash errors level 3 RAM warnings level 6 Logging history18 Logging Levels Logging facility Logging hostSyntax No logging host hostipaddress Hostipaddress The IP address of a syslog server Clear logging Logging trapSyntax Logging trap level no logging trap Syntax Clear logging flash ram Show logging Syntax Show logging flash ram sendmail trap19 show logging flash/ram display description Logging trap command Facility commandSyntax Show log flash ram login tail Show log 21 Smtp Alert Commands Function Mode Smtp Alert CommandsLogging sendmail host Following example shows sample messages stored in RAM Syntax Logging sendmail level level Logging sendmail level Logging sendmail destination-email Logging sendmail source-emailSyntax No logging sendmail source-email email-address This example will set the source email john@acme.com Syntax No logging sendmail Default Setting Logging sendmailShow logging sendmail 22 Time Commands Function Mode Time CommandsSyntax No sntp client Default Setting Sntp client Sntp server 4-55 sntp poll 4-56 show sntp Sntp serverSyntax Sntp server ip1 ip2 ip3 Ip IP address of an NTP time server. Range 1-3 addresses Sntp poll Show sntpSyntax Sntp poll seconds no sntp poll Ntp client Syntax No ntp client Default SettingNtp server Sntp client 4-54 ntp poll 4-58 ntp server Version number Ntp pollNtp client 4-57 ntp poll 4-58 show ntp Syntax Ntp poll seconds no ntp poll Ntp authentication-key Ntp authenticateSyntax No ntp authenticate Default Setting Ntp authentication-key4-59 Show ntp Clock timezone Calendar set This command displays the system clockShow calendar Calendar set hour min sec day month year month day year System Status Commands Show startup-config23 System Status Commands Function Mode Show running-config4-65 Show running-config Show startup-config4-63 This command displays system information Show systemShow users Show version 24 Frame Size Commands Frame Size CommandsJumbo frame Enables support for jumbo frames Syntax No jumbo frame Default Setting Flash/File Commands 25 Flash/File CommandsCommand Function Mode Copy Flash/File Commands Following example shows how to download a configuration file Delete Syntax Dir boot-rom config opcode filenameDir Delete filename Syntax whichboot Default Setting Whichboot26 File Directory Information Column Heading Description Boot system Syntax Boot system boot-romconfig opcode filenameDir 4-73 whichboot Authentication Sequence Authentication CommandsAuthentication login 27 Authentication Commands Command Group Function Username for setting the local user names and passwords Authentication enable Show radius-server Shows the current Radius settings 29 Radius Client Commands Function ModeRadius Client Radius-server host Radius-server key Radius-server port Radius-server retransmit Radius-server timeout 30 Tacacs Commands Function Mode TACACS+ ClientShow radius-server Tacacs-server port Tacacs-server hostTacacs-server key Syntax Tacacs-server port portnumber no tacacs-server port Syntax Tacacs-server key keystring no tacacs-server key Show tacacs-server 31 Port Security Commands Function Mode Port Security CommandsStatus Disabled Action None Maximum Addresses Interface Configuration Ethernet 32 802.1X Port Authentication Command Function Mode 802.1X Port Authentication Acquire a new client Dot1x timeout re-authperiod Dot1x defaultBe re-authenticated Dot1x timeout tx-period Syntax No system-auth-control Default Setting Dot1x max-req Default Command ModeDot1x port-control Syntax Dot1x max-req count no dot1x max-req Syntax Dot1x re-authenticate interface Dot1x re-authenticateDot1x operation-mode Interface Dot1x timeout quiet-period Dot1x re-authenticationSyntax No dot1x re-authentication Command Mode Seconds The number of seconds. Range Dot1x timeout re-authperiod Dot1x timeout tx-periodShow dot1x Statistics Displays dot1x status for each port Syntax Show dot1x statistics interface interface Reauthentication State Machine Authenticator State MachineState Current state including initialize, reauthenticate Backend State Machine Example Network Access Network-access mode33 Network Access Command Function Mode 1024 Network-access max-mac-count Syntax No network-access mac-filter filter-idmac-address Network-access mac-filter Network-access dynamic-vlan Network-access port-mac-filterSyntax No network-access dynamic-vlan Default Setting Filter-id- The number that identifies the filter. Range Mac-authentication reauth-time Following example enables dynamic Vlan assignment on port1800 Show network-access Clear network-accessSyntax Show network-access interface interface Displays the settings for all interfaces Show network-access mac-address-table Show network-access mac-filterUse this command to display MAC authentication filters Displays all filters 101 Access Control Lists Access Control List Commands 34 Access Control Lists Command Groups Function Access-list ip35 IP ACLs Command Function Mode Syntax No access-list ip standard extended aclname Permit, deny Ip access-group4-107 show ip access-list4-107 Syntax No permit deny any source bitmask host sourceStandard ACL No permit deny tcp Access-list ip Extended ACL Ip access-group Show ip access-listSyntax Show ip access-list standard extended aclname Syntax No ip access-group aclname Map access-list ip Show ip access-groupShow ip access-list4-107 This command shows the ports assigned to IP ACLs Queue cos-map4-201 Show map access-list ip Show map access-list ipSyntax Show map access-list ip interface 36 Egress Queue Priority Mapping Example 37 MAC ACLs Command Function Mode Access-list macSyntax No access-list mac aclname MAC ACLs Syntax No permit deny Permit, deny MAC ACL Mac access-group Show mac access-listSyntax Show mac access-list aclname Syntax Mac access-group aclname Map access-list mac Show mac access-groupShow mac access-list4-112 This command shows the ports assigned to MAC ACLs Queue cos-map4-201 Show map access-list mac Show map access-list macSyntax Show map access-list mac interface 38 Egress Queue Priority Mapping Show access-group Show access-list39 ACL Information Command Function Mode ACL Information 40 Snmp Commands Function Mode Snmp Commands Syntax No snmp-server Default Setting Snmp-serverShow snmp Snmp-server community Snmp-server location Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Snmp-server enable traps Snmp-server enable trapsIssue authentication and link-up-down traps Snmp-server engine-id This command shows the Snmp engine ID This example shows the default engine IDShow snmp engine-id Snmp-server view Defaultview includes access to the entire MIB treeExamples This view includes MIB-2 Show snmp view This command shows information on the Snmp viewsSnmp-server group 42 show snmp view display description Show snmp group 43 show snmp group display description Snmp-server user 129 This command shows information on Snmp users Show snmp user44 show snmp user display description 45 Interface Commands Function Mode Interface CommandsInterface Port-channel channel-idRange Description Speed-duplexSyntax Description string no description Syntax No negotiation Default Setting NegotiationNegotiation 4-133 capabilities Following example configures port 11 to use autonegotiation CapabilitiesCapabilities 4-134speed-duplex4-132 Syntax No flowcontrol Default Setting FlowcontrolNegotiation 4-133speed-duplex4-132 flowcontrol Shutdown Syntax No shutdown Default Setting This command clears statistics on an interface Switchport broadcast packet-ratePort-channel channel-idRange Default Setting Clear counters Show interfaces status This command displays the status for an interfaceFollowing example clears statistics on port Syntax Show interfaces status interface Show interfaces counters This command displays interface statisticsSyntax Show interfaces counters interface Shows the counters for all interfaces Show interfaces switchport Syntax Show interfaces switchport interfaceShows all interfaces Interfaces Switchport Statistics 47 Mirror Port Commands Function Mode Mirror Port CommandsPort monitor Interface ethernet unit/port source port Following shows mirroring configured from port 6 to port This command displays mirror informationShow port monitor Syntax Show port monitor interface 48 Rate Limit Commands Function Mode Rate Limit CommandsRate-limit Fast Ethernet255 Gigabit Ethernet30 Use this command to display the rate limit granularity Global Configuration Ethernet, Port ChannelRate-limit granularity Show rate-limit 49 Link Aggregation Commands Link Aggregation Commands151 138 Guidelines for Creating Trunks Channel-groupGeneral Guidelines Dynamically Creating a Port Channel Syntax No lacp Default Setting LacpFollowing example creates trunk 1 and then adds port 32768 Lacp system-priority Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port Channel This command displays Lacp information Lacp port-priorityShow lacp 50 show lacp counters display description Port Channel allType Badly formed PDU or an illegal value of Protocol Subtype 51 show lacp internal display description 52 show lacp neighbors display description Address Table Commands 54 Address Table Commands Function Mode53 show lacp sysid display description Mac-address- MAC address Mac-address-table staticVlan-id- Vlan ID Range Action Clear mac-address-table dynamic Show mac-address-tableMac-address- MAC address Mask Bits to match in the address Show mac-address-table aging-time Mac-address-table aging-time 55 Spanning Tree Commands Function Mode Spanning Tree Commands Syntax No spanning-tree Default Setting Spanning-tree modeSpanning tree is enabled Spanning-tree Spanning-tree forward-time Spanning-tree forward-time 4-162spanning-tree max-age Spanning-tree hello-time Spanning-tree max-age Spanning-tree prioritySpanning-tree forward-time 4-162spanning-tree hello-time Long method Spanning-tree pathcost method This command limits the maximum transmission rate for BPDUs Spanning-tree mst-configurationSpanning-tree transmission-limit Count The transmission limit in seconds. Range MST Configuration Mst vlanNo mst instanceid vlan vlan-range Name Mst priorityMst instanceid priority priority no mst instanceid priority Syntax Name name Max-hops RevisionSyntax Revision number Max-hopshop-number Syntax No spanning-tree spanning-disabled Default Setting Spanning-tree spanning-disabledThis example disables the spanning tree algorithm for port Spanning-tree cost Priority The priority for a port. Range 0-240, in steps Spanning-tree port-priority Spanning-tree edge-port Syntax No spanning-tree edge-port Default Setting Spanning-tree portfast Syntax No spanning-tree portfast Default SettingSpanning-tree link-type Spanning-treeedge-port4-172 Auto Spanning-tree mst cost Spanning-tree mst port-priority4-175 Spanning-tree mst port-priority Spanning-tree protocol-migration Port-channel channel-idRange Command ModeShow spanning-tree Syntax Spanning-tree protocol-migration interface 177 Show spanning-tree mst configuration 56 VLANs Command Groups Function Vlan Commands57 Editing Vlan Groups Command Function Mode Editing Vlan Groups Vlan Database Configuration By default only Vlan 1 exists and is activeVlan Show vlan 58 Configuring Vlan Interfaces Command Function Mode Configuring Vlan InterfacesInterface vlan Interface vlan Switchport acceptable-frame-types Switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types4-182 Syntax No switchport ingress-filtering Default Setting Switchport ingress-filtering Switchport native vlan Switchport allowed vlan Switchport forbidden vlan 59 Show Vlan Commands Function ModeDisplaying Vlan Information Following example shows how to display information for Vlan This command shows Vlan informationShow vlan Shows all VLANs 60 Private Vlan Commands Configuring Private VLANs Private-vlan Vlan Configuration No private-vlan primary-vlan-idassociation Private vlan association Switchport private-vlan host-association Switchport mode private-vlanNormal Vlan Secondary-vlan-id- ID of secondary VLAN. Range Isolated-vlan-id- ID of isolated VLAN. Range Switchport private-vlan isolated Switchport private-vlan mapping Show vlan private-vlanSyntax Show vlan private-vlan community isolated primary 61 Gvrp and Bridge Extension Commands Function Mode Gvrp and Bridge Extension CommandsSyntax No bridge-ext gvrp Default Setting Bridge-ext gvrp Switchport gvrp Syntax No switchport gvrp Default SettingShow bridge-ext Garp timer Show gvrp configurationThis command shows if Gvrp is enabled Syntax Show gvrp configuration interface Show garp timer Syntax Show garp timer interfaceShows all Garp timers Priority Commands Layer Priority Commands62 Priority Commands Command Groups Function 63 Priority Commands Layer Function Mode Queue mode Switchport priority defaultSyntax Queue mode strict wrr no queue mode Queue bandwidth Queue bandwidth weight1...weight4 no queue bandwidth Queue cos-mapqueueid cos1 ... cosn no queue cos-map Queue cos-map This command shows the current queue mode Show queue modeShow queue bandwidth Show queue cos-map4-203 This command shows the class of service priority map Show queue cos-mapSyntax Show queue cos-map interface Priority Commands Layer 3 65 Priority Commands Layer 3 Function ModeSyntax No map ip port Default Setting Syntax No map ip precedence Default Setting Following example shows how to map Http traffic to CoS value 66 Mapping IP Precedence Values CoS Value Command Mode List below shows the default priority mapping Map ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default Setting Show map ip port Use this command to show the IP port priority map67 IP Dscp to CoS Vales IP Dscp Value CoS Value 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 This command shows the IP precedence priority map Show map ip precedenceSyntax Show map ip precedence interface This command shows the IP Dscp priority map Show map ip dscpSyntax Show map ip dscp interface Igmp Snooping Commands Multicast Filtering Commands68 Multicast Filtering Commands Command Groups Function 69 Igmp Snooping Commands Function Mode Following example enables Igmp snooping Syntax No ip igmp snooping Default SettingIp igmp snooping Ip igmp snooping vlan static Ip igmp snooping version Following configures the switch to use Igmp VersionIp igmp snooping immediate-leave Igmp Version Show mac-address-table multicast Show ip igmp snooping 215 70 Igmp Query Commands Layer Function Mode Igmp Query Commands LayerSyntax No ip igmp snooping querier Default Setting Ip igmp snooping querier Ip igmp snooping query-interval Following shows how to configure the query count toTimes Ip igmp snooping query-max-response-time4-218 Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping query-max-response-timeIp igmp snooping router-port-expire-time 71 Static Multicast Routing Commands Function Mode Static Multicast Routing CommandsIp igmp snooping vlan mrouter Syntax No ip igmp snooping vlan vlan-idmrouter interface Show ip igmp snooping mrouter Displays multicast router ports for all configured VLANsSyntax Show ip igmp snooping mrouter vlan vlan-id Multicast router port types displayed include Static 72 Igmp Filtering and Throttling Commands Function Mode Igmp Filtering and Throttling CommandsSyntax No ip igmp filter Default Setting 223 Ip igmp profile Syntax Permit deny Default SettingPermit, deny Syntax No ip igmp profile profile-number Range No range low-ip-address high-ip-addressSyntax No ip igmp filter profile-number Syntax Ip igmp max-groups number No ip igmp max-groups Ip igmp max-groups Show ip igmp filter Ip igmp max-groups actionSyntax Ip igmp max-groups action replace deny Syntax Show ip igmp filter interface Show ip igmp throttle interface Show ip igmp profileSyntax Show ip igmp profile profile-number Syntax Show ip igmp throttle interface interface 73 Multicast Vlan Registration Commands Function Mode Multicast Vlan Registration Commands229 Multicast groups assigned to the MVR Vlan No mvr group ip-address count vlan vlan-id Command Line Interface Mvr Global Configuration Multicast Filtering Commands Mvr Interface Configuration Show mvr Syntax Show mvr interface interface members ip-addressUnit Stack unit. Range Port Port number. Range 74 show mvr display description Following shows the global MVR settingsAre satisfied 75 show mvr interface display description Domain Name Service Commands 77 DNS Commands Function Mode76 show mvr members display description Clear host Ip hostNo ip host name address1 address2 … address8 Syntax Clear host name Removes all entries Ip domain-nameThis example clears all static entries from the DNS table Syntax Ip domain-name name no ip domain-name Ip domain-list Syntax No ip domain-list nameIp domain-name4-234 Ip domain-lookup Ip name-serverServer-address1- IP address of domain-name server Ip domain-name4-234 ip domain-lookup4-236 Ip domain-name4-234 ip name-server4-236 Show hosts Show dns Show dns cache78 show dns cache display description Clear dns cache This command clears all entries in the DNS cache 79 Dhcp Commands Function Mode Dhcp CommandsSyntax No ip dhcp relay information option Default Setting Ip dhcp relay information option Ip dhcp relay server Ip dhcp relay information policySyntax Ip dhcp relay information policy drop keep replace Ip dhcp relay server address1 address2 address3 Usage Guidelines Show ip dhcp-relay IP Interface Commands 80 IP Interface Commands Function ModeIp address Syntax Ip default-gateway gateway no ip default-gateway Ip default-gatewayGateway IP address of the default gateway No static route is established Show ip interface Ip dhcp restart This command has no default for the host Ip default-gateway4-244Show ip redirects Ping 247 81 Switch Cluster Commands Function Mode Switch Cluster CommandsSyntax No cluster Default Setting Cluster Syntax No cluster commander Default Setting Cluster commanderCluster ip-pool Syntax Cluster ip-pool ip-addressno cluster ip-pool Syntax Rcommand id member-id RcommandMember-id- The ID number of the Member switch. Range Cluster member This command shows the current switch cluster members This command shows the switch clustering configurationShow cluster Show cluster members Show cluster candidates Software Features Appendix a Software Specifications Management Features Groups 1, 2, 3, 9 Statistics, History, Alarm, EventStandards Management Information Bases Software Specifications Symptom Action Table B-1 Troubleshooting Chart Using System Logs Boot Protocol Bootp Access Control List ACLClass of Service CoS Differentiated Services Code Point Service Dscp Generic Attribute Registration Protocol Garp Garp Vlan Registration Protocol GvrpGeneric Multicast Registration Protocol Gmrp Group Attribute Registration Protocol Garp Igmp Query Igmp SnoopingInternet Group Management Protocol Igmp In-Band Management Port Authentication Multicast SwitchingRemote Authentication Dial-in User Service Radius MD5 Message-Digest Algorithm Rapid Spanning Tree Protocol Rstp Remote Monitoring RmonSecure Shell SSH Simple Network Management Protocol Snmp User Datagram Protocol UDP Virtual LAN VlanXModem Numerics Index Garp Vlan Registration Protocol See Gateway, default 3-14,4-245 Index-3 Index-4 Page ES3526XA ES3552XA E122006-CS-R02D 149100005500H

Accton Technology ES3552XA IP ACLs, Access-list ip, Access Control Lists Command Groups Function

Models: ES3526XA ES3552XA

Table 4-34 Access Control Lists

Command Groups

Function

IP ACLs

Table 4-35 IP ACLs

Command