Access Control Lists, 123 | Accton Technology ES3528M-SFP guide

Access Control Lists 3

•Status – Indicates whether MAC Authentication is enabled or disabled for the port. See “Configuring MAC Authentication for Ports” on page 3-94.The following parameters are unavailable for modification if MAC Authentication is not enabled for the port.

•Max MAC Count – The maximum allowed amount of MAC authenticated MAC addresses on the port. (Default: 1024; Range: 1-1024)

•Intrusion Action – The switch can respond in two ways to an intrusion.

-Block Traffic – All traffic for the unauthenticated host is blocked.

-Pass Traffic – All traffic for the unauthenticated host is allowed.

•Trunk – Indicates if the port is a trunk member.

Web – Click Security, MAC Authentication. Modify the Maximum MAC Count and Intrusion Action. Click Apply.

Figure 3-65 MAC Authentication Port Configuration

CLI – This example configures the maximum MAC count to 32 and sets the intrusion action to block all traffic for port 1.

Console(config)#interface ethernet 1/1	4-166
Console(config-if)#mac-authentication max-mac-count 24	4-123

Console(config-if)#mac-authentication intrusion-action block-traffic4-123Console(config-if)#

Access Control Lists

Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, and then bind the list to a specific port.

3-99

Page 149

Image 149

Accton Technology ES3528M-SFP manual Access Control Lists, 123

Contents

Powered by Accton Page Fast Ethernet Switch ES3528M-SFP E122007-DG-R01 149100035500A About This Guide Installation GuidePage Contents Page Iii Page Contents Command Line Interface Vii Viii Contents Page Contents Xii Xiii Xiv Contents Xvi Appendix a Software Specifications Xvii Appendix B TroubleshootingGlossary Index Xviii Xix TablesPage Xxi Xxii Xxiii Figures Xxiv Figures Xxv Xxvi Feature Description Key FeaturesKey Features Introduction Description of Software Features Description of Software Features Introduction Description of Software Features System Defaults System DefaultsFunction Parameter Default Password super Client Enabled System Defaults Function Parameter NTP Clock Synchronization Disabled Configuration Options Connecting to the Switch Required Connections Initial Configuration Console Connection Basic ConfigurationRemote Connections Manual Configuration Setting PasswordsSetting an IP Address Dynamic Configuration Enabling Snmp Management Access 154 Trap Receivers152 Configuring Access for Snmp Version 3 Clients Saving Configuration Settings159 160 Managing System Files Initial Configuration Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Panel Display Configuration Options ActionButton Revert Apply Help System System Information Main MenuMain Menu Description Https Settings Configures secure Http settings Radius Group SettingsTACACS+ Group Settings 116 107 802.1Q Vlan 155 149155 Current Table 159164 176 Remote Port Information Port on this switch Remote Trunk Information187 190 217 Static Multicast Router Port225 233 245 Configuration Enables Upnp and defines timeout values Field Attributes Displaying System Information CLI Specify the hostname, location and contact information Displaying Switch Hardware/Software VersionsMain Board Management Software Switch Information Web Click System, Switch Information Displaying Bridge Extension Capabilities Bridge Extension Configuration CLI Enter the following command Setting the Switch’s IP AddressCommand Attributes 239 310 166309 311 Using DHCP/BOOTP Managing Firmware Enabling Jumbo Frames Copy Firmware Downloading System Software from a Server 11 Deleting Files Saving or Restoring Configuration Settings 12 Downloading Configuration Settings for Startup Downloading Configuration Settings from a Server 13 Setting the Startup Configuration Settings Console Port Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet Basic Configuration System Log Configuration Configuring Event LoggingDisplaying Log Messages CLI This example shows the event message stored in RAM Level Severity Name Description Error resource exhaustedLogging Levels Remote Log Configuration 18 Remote Logs Simple Mail Transfer Protocol 19 Enabling and Configuring Smtp 20 Resetting the System Resetting the System Configuring Sntp Setting the System ClockSetting the Time Manually 21 Sntp Configuration Configuring NTP 22 NTP Client Configuration Setting the Time Zone Simple Network Management Protocol 23 Setting the System Clock SNMPv3 Security Models and Levels Setting Community Access StringsLevel Group Read View Write View Notify View Security User defined Specifying Trap Managers and Trap Types Access Mode 156 Enabling Snmp Agent Status Web Click SNMP, Agent Status Configuring SNMPv3 Management AccessSetting the Local Engine ID Web Click SNMP, SNMPv3, Engine ID Configuring SNMPv3 UsersSpecifying a Remote Engine ID Configuring the Switch 29 Configuring SNMPv3 Users Configuring Remote SNMPv3 Users 30 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages Rmon Events SwPowerStatus 6.1.4.1.259.8.1.4.2.1.0.1Private Traps ChangeTrap SwIpFilterRejectTrap 6.1.4.1.259.8.1.4.2.1.0.40 31 Configuring SNMPv3 Groups Setting SNMPv3 Views 32 Configuring SNMPv3 Views Configuring User Accounts User Authentication 33 Access Levels Command Usage Configuring Local/Remote Logon Authentication Tacacs Settings Radius Settings 34 Authentication Settings 101 100 TACACS+ Settings Configuring Encryption KeysCommand Attributes Radius Settings AAA Authorization and Accounting Configuring AAA TACACS+ Group Settings Configuring AAA Radius Group Settings102 103 37 AAA TACACS+ Group Settings Configuring AAA Accounting 38 AAA Accounting Settings 106 AAA Accounting UpdateAAA Accounting 802.1X Port Settings 107 AAA Accounting Exec Command Privileges 108 41 AAA Accounting Exec Command Privileges AAA Accounting Summary AAA Accounting Exec SettingsAAA Accounting Summary AAA Accounting Statistics Summary 110 Web Click Security, AAA, Summary 44 AAA Authorization Settings Authorization Settings 109 Authorization Exec SettingsAuthorization Summary Https System Support Web Browser Operating System Configuring Https 47 Https Settings Replacing the Default Secure-site Certificate Address server ip-address Configuring the Secure Shell Command Usage Authenticating SSH v2 Clients Authenticating SSH v1.5 Clients SSH server includes basic settings for authentication Configuring the SSH Server Generating the Host Key Pair Importing User Public Keys 50 SSH Host-Key Settings User Authentication 51 SSH User Public-Key Settings END SSH2 Public KEY Configuring Port Security 111 Configuring 802.1X Port Authentication Configuring the Switch Configuring 802.1X Global Settings Displaying 802.1X Global Settings802.1X protocol provides client authentication CLI This example shows the default global setting for 113 Configuring Port Settings forCLI This example enables 802.1X globally for the switch 55 802.1X Port Configuration 117 114116 Parameter Description Displaying 802.1X Statistics802.1X Statistics CLI This example displays the 802.1X statistics for port Web Authentication 57 Web Authentication Configuration Configuring Web Authentication Configuring Web Authentication for Ports 137 Displaying Web Authentication Port Information Web Click Security, Web Authentication, Port Information Re-authenticating Web Authenticated Ports 136 Network Access MAC Address Authentication Configuring MAC Authentication for Ports Configuring the MAC Authentication Reauthentication TimeWeb Click Security, Network Access, Configuration Mode Enables MAC authentication on a port. Default None 62 Network Access Port Configuration CLI This example configures MAC authentication for port Configuring Port Link Detection Displaying Secure MAC Address Information 63 Network Access Port Link Detection Configuration Configuring MAC authentication parameters for ports MAC AuthenticationPort Indicates the port being configured 129 123 Access Control Lists Setting the ACL Name and Type Configuring Access Control Lists 140 Configuring a Standard IP ACLCLI This example creates a standard IP ACL named david 141 Configuring an Extended IP ACL 103 68 Configuring Extended IP ACLs Configuring a MAC ACL 146 Binding a Port to an Access Control List 143 Filtering IP Addresses for Management Access 108 71 Creating an IP Filter List CLI This example allows Snmp access for a specific client Field Attributes Web Port ConfigurationDisplaying Connection Status Field Attributes CLI ConfigurationBasic Information Current Status 173 Configuring Interface ConnectionsCLI This example shows the connection status for Port 171 167168 170 Creating Trunk Groups 74 Configuring Static Trunks Statically Configuring a Trunk 181 Enabling Lacp on Selected Ports 75 Lacp Trunk Configuration 182 Configuring Lacp ParametersDynamically Creating a Port Channel 76 Lacp Port Configuration You can display statistics for Lacp protocol messages Displaying Lacp Port CountersLacp Port Counters Field Description CLI The following example displays Lacp counters 77 Lacp Port Counters Information Lacp Internal Configuration Information Displaying Lacp Settings and Status for the Local Side 78 Lacp Port Internal Information 79 Lacp Port Neighbors Information Displaying Lacp Settings and Status for the Remote Side Setting Broadcast Storm Thresholds 175 172 177 Configuring Port Mirroring 179 Configuring Rate LimitsRate Limit Configuration Showing Port Statistics Rmon Statistics 11 Port StatisticsEtherlike Statistics Formed Fragments Formed Oversize Frames 83 Port Statistics Setting Static Addresses Address Table SettingsCLI This example shows statistics for port 174 190 Displaying the Address Table 191 85 Configuring a Dynamic Address Table Changing the Aging Time Spanning Tree Algorithm ConfigurationCLI This example sets the aging time to 300 seconds 192 Designated Root Port Bridge Displaying Global Settings 139 235 87 Displaying Spanning Tree Information Basic Configuration of Global Settings Configuring Global SettingsGlobal settings apply to the entire switch Configuration Settings for Rstp Root Device Configuration 88 Configuring Spanning Tree Configuration Settings for Mstp Displaying Interface Settings AD B 89 Displaying Spanning Tree Port Information CLI This example shows the STA attributes for port Configuring Interface Settings 148 CLI This example sets STA attributes for port Configuring Multiple Spanning Trees 224 223225 MST Instance ID Instance identifier to configure. Default Displaying Interface Settings for Mstp 92 Displaying Mstp Interface Settings Configuring Interface Settings for Mstp 154 CLI This example sets the Mstp attributes for port Vlan ConfigurationIeee 802.1Q VLANs Assigning Ports to VLANs Port-based Vlan Forwarding Tagged/Untagged Frames Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Displaying Current VLANs Command Attributes WebDisplaying Basic Vlan Information 96 Displaying Current VLANs Command Attributes CLI 250 Creating VLANs CLI This example creates a new Vlan Adding Static Members to VLANs Vlan Index242 243 163 248 Adding Static Members to VLANs Port Index Configuring Vlan Behavior for Interfaces 100 Configuring VLANs per Port Configuring Ieee 802.1Q Tunneling QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port Layer 2 Flow for Packets Coming into a Tunnel Uplink Port General Configuration Guidelines for QinQ Enabling QinQ Tunneling on the SwitchConfiguration Limitations for QinQ 101 802.1Q Tunnel Status and Ethernet Type Adding an Interface to a QinQ Tunnel CLI This example sets the switch to operate in QinQ mode251 253 252 Private VLANs Displaying Current Private VLANs 103 Private Vlan Information Configuring Private VLANs 256 Associating VLANsEach community Vlan must be associated with a primary Vlan 106 Private Vlan Port Information Displaying Private Vlan Interface Information 259 Configuring Private Vlan Interfaces Protocol VLANs Protocol Vlan Group Configuration257 258 261 Protocol Vlan System Configuration Web Click VLAN, Protocol VLAN, System Configuration Setting Lldp Timing AttributesLink Layer Discovery Protocol 262 182 195 Configuring Lldp Interface Attributes197 198 184 111 Lldp Port Configuration Displaying Lldp Local Device Information 212 Displaying Lldp Remote Port Information 213 Displaying Lldp Remote Information Details 115 Lldp Device Statistics Displaying Device Statistics 116 Lldp Device Statistics Details Displaying Detailed Device Statistics Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings CLI This example assigns a default priority of 5 to port Port Priority ConfigurationMapping CoS Values to Egress Queues 265 13 CoS Priority Levels 12 Mapping CoS Values to Egress QueuesPriority Level Traffic Type Background 269 Enabling CoS267 Setting the Service Weight for Traffic Classes Selecting the Queue ModeWeb Click Priority, Traffic Classes Status 268 Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority Settings Enabling IP Dscp Priority Switch allows you to enable or disable the IP Dscp priority 14 Mapping Dscp Priority Values Mapping Dscp PriorityIP Dscp Value CoS Value 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 271 Quality of Service270 Configuring a Class Map Configuring Quality of Service ParametersClass map is used for matching packets to a specified class Class Map Match Class Settings Class Configuration 274 273 Policy Map Policy ConfigurationCreating QoS Policies Policy Options Policy Rule Settings Class Settings 125 Configuring Policy Maps 275 Attaching a Policy Map to Ingress Queues276 277 Configuring VoIP Traffic VoIP Traffic Configuration 282 Configuring VoIP Traffic Port281 128 VoIP Traffic Port Configuration 283 Configuring Telephony OUI284 285 129 Telephony OUI List Layer 2 Igmp Snooping and Query Multicast Filtering Configuring Igmp Snooping and Query Parameters 214 Enabling Igmp Immediate Leave 290 Displaying Interfaces Attached to a Multicast Router 132 Displaying Multicast Router Port Information Specifying Static Interfaces for a Multicast Router 133 Static Multicast Router Port Configuration Displaying Port Members of Multicast Services 134 IP Multicast Registration Table Assigning Ports to Multicast Services 291 Igmp Filtering and Throttling 136 Enabling Igmp Filtering and Throttling Enabling Igmp Filtering and Throttling 302 Configuring Igmp Filter Profiles298 299 Configuring Igmp Filtering and Throttling for InterfacesOnly one profile can be assigned to an interface 138 Igmp Filter and Throttling Port Configuration 300 Multicast Vlan Registration301 303 General Configuration Guidelines for MVR Configuring Global MVR Settings 304 Displaying MVR Interface Status 307 Displaying Port Members of Multicast Groups Web Click MVR, Group IP Information Configuring MVR Interface Status 142 MVR Port Configuration 305 Assigning Static Multicast Groups to Interfaces Dhcp Snooping Dhcp Snooping Vlan Configuration Dhcp Snooping ConfigurationWeb Click Dhcp Snooping, Configuration Enables Dhcp snooping on the specified Vlan Web Click Dhcp Snooping, Vlan Configuration Dhcp Snooping Information Option ConfigurationCLI This example first enables Dhcp Snooping for Vlan 319 322 Dhcp Snooping Port ConfigurationWeb Click Dhcp Snooping, Information Option Configuration 324 Dhcp Snooping Binding Information320 IP Source Guard IP Source Guard Port Configuration 316 Static IP Source Guard Binding Configuration313 Dynamic IP Source Guard Binding Information Web Click IP Source Guard, Static Configuration Web Click IP Source Guard, Dynamic Information IP Clustering 152 Cluster Member Choice Cluster Configuration Web Click Cluster, Configuration Cluster Member ConfigurationAdds Candidate switches to the cluster as Members 325 Cluster Member Information Displays current cluster Member switch informationCluster Candidate Information 328 156 Cluster Candidate Information Web Click Cluster, Candidate Information UPnP 217 215216 Accessing the CLI Using the Command Line Interface Telnet Connection Command Completion Entering CommandsGetting Help on Commands Keywords and Arguments Showing Commands Lldp Using Command History Negating the Effect of CommandsUnderstanding Command Modes Partial Keyword Lookup Command Modes Exec Commands Configuration Modes Command Prompt Configuration CommandsConsoleconfig-if# 166 Vlan database Consoleconfig-vlan 242 Consoleconfig#interface ethernet 1/5 Consoleconfig-if#exit Keystroke Function Command Line ProcessingCommand Line Processing Command Groups Description Command Groups Line Commands Function Mode Line Commands Line Login Username 4-38 password PasswordSyntax Password 0 7 password no password No password is specified Exec-timeout Timeout login response Syntax Password-thresh threshold no password-thresh Password-threshSyntax Exec-timeout seconds no exec-timeout Syntax Silent-time seconds no silent-time Silent-timeDatabits Syntax Parity none even odd no parity ParitySyntax Databits 7 8 no databits Stopbits SpeedSyntax Speed bps no speed Syntax Stopbits 1 Show line DisconnectSyntax Disconnect session-id Syntax Show line console vty Enable General CommandsGeneral Commands Function Mode Syntax Enable level Disable Enable password DisableEnable Level End ConfigureShow history Syntax Reload cancel Reload cancelReload Syntax Reload in hour hours minute minutes This command returns to Privileged Exec mode Syntax Show reload Default SettingShow reload End This example shows how to quit a CLI session This command exits the configuration programExit Quit Prompt System Management CommandsDevice Designation Commands Banner Banner Commands Function ModeHostname Syntax Hostname name no hostname Syntax Banner configure Default Setting Banner configure Name The name of the company. Maximum length 32 characters Banner configure company Banner configure department Banner configure dc-power-info Banner configure equipment-info Banner configure ip-lan Banner configure equipment-location Lp-num- The LP number. Maximum length 32 characters Banner configure lp-number Syntax Banner configure mux muxinfo Banner configure manager-infoBanner configure mux No banner configure mux Banner configure note Show banner This command displays all banner informationSyntax Show banner Default Setting 10 User Access Commands Function Mode User Access Commands11 Default Login Settings Username Access-level Password Username Default is level Default password is super Enable password Management IP Filter Commands12 IP Filter Commands Function Mode Show management Ip http server Web Server CommandsIp http port Ip http secure-server Syntax No ip http secure-server Default SettingIp http port 14 Https System Support Web Browser Operating System Ip http secure-port4-44 Copy tftp https-certificate Ip http secure-portPortnumber The UDP port used for HTTPS. Range Ip http secure-server4-43 Ip telnet server Telnet Server CommandsIp telnet port 16 SSH Commands Function Mode Secure Shell CommandsIp telnet port Sets the SSH server key size Copy tftp public-key System Management Commands Ip ssh crypto host-key generate 4-51 show ssh Syntax No ip ssh server Default SettingIp ssh server Ip ssh authentication-retries Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Exec-timeout4-15 show ip ssh Syntax Delete public-key username dsa rsa Ip ssh server-key sizeDelete public-key Ip ssh crypto zeroize Ip ssh crypto host-key generateSyntax Ip ssh crypto host-key generate dsa rsa Syntax Ip ssh crypto zeroize dsa rsa Syntax Ip ssh save host-key dsa rsa Ip ssh save host-keyShow ip ssh Terminology Show ssh17 show ssh display description Syntax Show public-key user username host Show public-keyUsername Name of an SSH user. Range 1-8 characters Shows all public keys 18 Event Logging Commands Function Mode Event Logging CommandsSyntax No logging on Default Setting Logging on 19 Logging Levels Flash errors level 3 RAM warnings level 6Logging history Logging facility Logging hostSyntax No logging host hostipaddress Hostipaddress The IP address of a syslog server Clear logging Logging trapSyntax Logging trap level no logging trap Syntax Clear logging flash ram 20 show logging flash/ram display description Show loggingSyntax Show logging flash ram sendmail trap Logging trap command Facility commandSyntax Show log flash ram login tail Show log 22 Smtp Alert Commands Function Mode Smtp Alert CommandsLogging sendmail host Following example shows sample messages stored in RAM Syntax Logging sendmail level level Logging sendmail level Logging sendmail destination-email Logging sendmail source-emailSyntax No logging sendmail source-email email-address This example will set the source email john@acme.com Show logging sendmail Syntax No logging sendmail Default SettingLogging sendmail 23 Time Commands Function Mode Time CommandsSyntax No sntp client Default Setting Sntp client Syntax Sntp server ip1 ip2 ip3 Sntp serverSntp server 4-66 sntp poll 4-67 show sntp Show sntp Sntp pollSntp client 4-65 sntp poll 4-67 show sntp Syntax Sntp poll seconds no sntp poll Sntp client 4-65 ntp poll 4-70 ntp server Syntax No ntp client Default SettingNtp client Syntax Ntp serverVersion number Ntp client 4-68 ntp poll 4-70 show ntp Syntax No ntp authenticate Default Setting Ntp authenticateNtp poll Syntax Ntp poll seconds no ntp poll Ntp authentication-key4-71 Ntp authentication-key GMT-Greenwich-Mean-Time-Dublin,Edinburgh,Lisbon,London Show ntpClock timezone-predefined Clock timezone No clock summer-time Clock summer-time date Australia Clock summer-time predefined235959, Sunday, Week 5 of March 60 min Europe 235959, Sunday, Week 3 of March 60 min Clock summer-time recurring Calendar set This command displays the system clockShow calendar Calendar set hour min sec day month year month day year 25 System Status Commands Function Mode System Status CommandsShow startup-config Show running-config4-79 Show running-config Command Line Interface Show startup-config4-78 Show users This command displays system informationShow system Show version 26 Frame Size Commands Function Mode Frame Size CommandsJumbo frame Enables support for jumbo frames Syntax No jumbo frame Default Setting 27 Flash/File Commands Function Mode Flash/File CommandsCopy Copy None Following example shows how to download a configuration file Delete This command deletes a file or imageDelete unit filename Dir Delete public-key4-50 Dir Syntax Dir unit boot-rom config opcode filename28 File Directory Information Column Heading Description Boot system WhichbootSyntax whichboot unit Syntax Boot system unit boot-romconfig opcode filename Authentication Sequence Authentication CommandsDir 4-89 whichboot 29 Authentication Commands Command Group Function Local Authentication loginUsername for setting the local user names and passwords Enable password sets the password for changing command modes Authentication enable Radius Client 31 Radius Client Commands Function ModeShow radius-server Shows the current Radius settings Retransmit Command Mode Default Setting Auth-portRadius-server host Radius-server acct-port Syntax Radius-server key keystring no radius-server key Radius-server auth-portRadius-server key Show radius-server Radius-server timeoutRadius-server retransmit Show tacacs-server Shows the current TACACS+ settings 101 32 Tacacs Commands Function ModeTACACS+ Client Tacacs-server host Tacacs-server port Default Setting PortTacacs-server key Syntax Tacacs-server port portnumber no tacacs-server port Syntax Tacacs-server key keystring no tacacs-server key Tacacs-server timeoutTacacs-server retransmit Show tacacs-server 33 AAA Commands Function Mode AAA CommandsAaa group server Syntax No aaa group server radius tacacs+ group-name Server Server Group ConfigurationAaa accounting dot1x No server index ip-address Aaa accounting exec Accounting is not enabled No servers are specifiedCommand Usage Example Aaa accounting commands Minute Syntax Accounting exec default list-nameno accounting exec Interface ConfigurationAccounting dot1x Accounting exec Aaa authorization exec Accounting commands Authorization is not enabled No servers are specified Authorization exec Interface Show accountingEthernet unit/port Unit Stack unit. Range Port Port number. Range 34 Port Security Commands Function Mode Port Security CommandsStatus Disabled Action None Maximum Addresses Interface Configuration Ethernet 35 802.1X Port Authentication Command Function Mode 802.1X Port Authentication Acquire a new client Dot1x timeout re-authperiod Dot1x default117 Be re-authenticated Dot1x timeout tx-period Syntax No dotx system-auth-control Default Setting Dot1x max-req Default Command ModeDot1x port-control Syntax Dot1x max-req count no dot1x max-req Syntax Dot1x re-authenticate interface Dot1x re-authenticateDot1x operation-mode Single-host Dot1x timeout quiet-period Dot1x re-authenticationSyntax No dot1x re-authentication Command Mode Seconds The number of seconds. Range Dot1x timeout tx-period Dot1x timeout re-authperiod Show dot1x Dot1x intrusion-actionBlock-traffic Syntax Show dot1x statistics interface interface Backend State Machine Authenticator State Machine State Current state including initialize, reauthenticate Reauthentication State Machine 36 Network Access Command Function Mode Network-access modeMax-mac-count Interface Mac-authentication Syntax No network-access mode mac-authentication Network-access max-mac-count Mac-authentication max-mac-count Mac-authentication intrusion-actionInterface Config 2048 Network-access dynamic-vlan Network-access dynamic-qosSyntax No network-access dynamic-qos Default Setting Syntax No network-access dynamic-vlan Default Setting Network-access link-detection Network-access guest-vlanFollowing example enables dynamic Vlan assignment on port No network-access link-detection Network-access link-detection link-up Network-access link-detection link-down 1800 Network-access link-detection link-up-downMac-authentication reauth-time Show network-access Clear network-accessSyntax Show network-access interface interface Unit This is unit Port Port number. Range Displays all filters Show network-access mac-address-tableDisplays the settings for all interfaces Login-success-page-url Successful web authentication 37 Web Authentication Command Function Mode Login attempts Web-auth login-attemptsWeb-auth login-fail-page-url Switch-generated login Web-auth login-page-urlWeb-auth login-success-page-url Web-auth quiet-period Web-auth session-timeout Web-auth Web-auth system-auth-controlNo web-auth system-auth-control No web-auth Show web-auth interface This command displays global web authentication parametersShow web-auth Web-auth re-authenticate IP Web-auth re-authenticate Port Show web-auth summary Show web-auth summary 138 38 Access Control Lists Command Groups Function Access Control List CommandsAccess Control Lists 39 IP ACLs Command Function Mode Access-list ipSyntax No access-list ip standard extended aclname IP ACLs Access-list ip Permit, deny Ip access-group4-143 show ip access-list4-143Syntax No permit deny any source bitmask host source Standard ACL Extended ACL Any destination address-bitmask host destinationSource-port sport end destination-port dport end Ip access-group Show ip access-listSyntax Show ip access-list standard extended aclname Syntax No ip access-group aclname Show ip access-list4-143 Show ip access-groupThis command shows the ports assigned to IP ACLs 40 MAC ACL Commands Function Mode Aclname Name of the ACL. Maximum length 16 characters Access-list macSyntax No access-list mac aclname Permit, deny MAC ACL This command displays the rules for configured MAC ACLs Show mac access-listSyntax Show mac access-list aclname Permit, deny Mac access-group4-148 Show mac access-group Mac access-groupSyntax Mac access-group aclname Show mac access-list4-147 Show access-group Show access-list41 ACL Information Command Function Mode ACL Information 42 Snmp Commands Function Mode Snmp Commands Show snmp Syntax No snmp-server Default SettingSnmp-server Snmp-server community Snmp-server location Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server enable traps Snmp-server engine-id Show snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID Snmp-server view Defaultview includes access to the entire MIB treeExamples This view includes MIB-2 Show snmp view This command shows information on the Snmp viewsSnmp-server group 44 show snmp view display description Show snmp group 162 45 show snmp group display description Snmp-server user 164 46 show snmp user display description This command shows information on Snmp usersShow snmp user 47 Interface Commands Function Mode Interface CommandsInterface Port-channel channel-idRange Syntax Description string no description DescriptionSpeed-duplex Negotiation 4-168 capabilities Syntax No negotiation Default SettingNegotiation Capabilities 4-169speed-duplex4-167 Following example configures port 11 to use autonegotiationCapabilities Negotiation 4-168speed-duplex4-167 flowcontrol Syntax No flowcontrol Default SettingFlowcontrol Shutdown Syntax No shutdown Default Setting Port-channel channel-idRange Default Setting Switchport packet-rateClear counters Syntax Clear counters interface Show interfaces status This command displays the status for an interfaceFollowing example clears statistics on port Syntax Show interfaces status interface Show interfaces counters This command displays interface statisticsSyntax Show interfaces counters interface Shows the counters for all interfaces Shows all interfaces Show interfaces switchportSyntax Show interfaces switchport interface 48 Interfaces Switchport Statistics 49 Mirror Port Commands Function Mode Mirror Port CommandsPort monitor Interface ethernet unit/port source port Following shows mirroring configured from port 6 to port This command displays mirror informationShow port monitor Syntax Show port monitor interface 50 Rate Limit Commands Function Mode Rate Limit CommandsRate-limit Configures the maximum input rate for a port 179 Rate-limit 51 Link Aggregation Commands Link Aggregation Commands185 173 Guidelines for Creating Trunks Channel-groupGeneral Guidelines Dynamically Creating a Port Channel Following example creates trunk 1 and then adds port Syntax No lacp Default SettingLacp 32768 Lacp system-priority Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port Channel Show lacp This command displays Lacp informationLacp port-priority 52 show lacp counters display description Port Channel allType LACPDUs Illegal Pkts 53 show lacp internal display description 55 show lacp sysid display description 54 show lacp neighbors display description 56 Address Table Commands Function Mode Address Table CommandsMac-address-table static Action Mac-address- MAC address Mask Bits to match in the address Clear mac-address-table dynamicShow mac-address-table Sort Sort by address, vlan or interface Mac-address-table aging-time 57 Lldp Commands Function Mode Lldp CommandsShow mac-address-table aging-time 196 Vlan ID Mac-phy Physical layer specifications Lldp dot3-tlv Lldp Syntax no lldp Default SettingLldp holdtime-multiplier Holdtime multiplier TTL 4*30 = 120 seconds Lldp notification-interval Lldp medFastStartCountSyntax Lldp medfaststartcount packets Packets Lldp refresh-interval Syntax Lldp refresh-interval seconds no lldp refresh-delay Lldp tx-delay Lldp reinit-delaySyntax Lldp reinit-delay seconds no lldp reinit-delay Syntax Lldp tx-delay seconds no lldp tx-delay Syntax No lldp notification Default Setting Lldp admin-statusLldp notification Tx-rx Lldp mednotification Syntax No lldp mednotification Default Setting Lldp basic-tlv port-description Lldp basic-tlv management-ip-address Lldp basic-tlv system-description Syntax No lldp basic-tlv port-description Default SettingLldp basic-tlv system-capabilities Syntax No lldp basic-tlv system-name Default Setting Syntax No lldp basic-tlv system-description Default SettingLldp basic-tlv system-name Lldp dot1-tlv proto-ident No lldp dot1-tlv proto-ident Syntax No lldp dot1-tlv proto-vid Default SettingLldp dot1-tlv proto-vid Lldp dot1-tlv pvid No lldp dot1-tlv vlan-name Lldp dot1-tlv vlan-nameLldp dot3-tlv link-agg No lldp dot3-tlv link-agg Lldp dot3-tlv mac-phy Syntax No lldp dot3-tlv mac-phy Default SettingLldp dot3-tlv max-frame Syntax No lldp dot3-tlv max-frame Lldp dot3-tlv poe Syntax No lldp dot3-tlv poe Default SettingLldp medtlv extpoe Syntax No lldp medtlv extpoe No lldp medtlv inventory Lldp medtlv inventoryLldp medtlv location No lldp medtlv location No lldp medtlv med-cap Lldp medtlv med-capLldp medtlv network-policy No lldp medtlv network-policy Syntax Show lldp config detail interface Show lldp configDetail Shows configuration summary Port-channel channel-idRange Command Mode 211 Detail Shows detailed information Show lldp info local-deviceSyntax Show lldp info local-device detail interface Show lldp info statistics Show lldp info remote-deviceSyntax Show lldp info remote-device detail interface Syntax Show lldp info statistics detail interface 214 UPnP Commands Function Mode UPnP CommandsSyntax No upnp device Default Setting Upnp device Upnp device advertise duration Upnp device ttlSyntax Upnp device ttl value Following example, the TTL is set to Show upnp Spanning Tree Commands58 Spanning Tree Commands Function Mode Spanning-tree Syntax No spanning-tree Default SettingSpanning tree is enabled Rstp Spanning-tree mode Spanning-tree forward-time Spanning-tree max-age Spanning-tree hello-time Syntax Spanning-tree pathcost method long short Spanning-tree prioritySpanning-tree pathcost method No spanning-tree pathcost method Spanning-tree mst-configurationSpanning-tree transmission-limit No mst instanceid vlan vlan-range MST ConfigurationMst vlan Name Mst priorityMst instanceid priority priority no mst instanceid priority Syntax Name name Max-hops RevisionSyntax Revision number Number Revision number of the spanning tree. Range Syntax No spanning-tree spanning-disabled Default Setting Spanning-tree spanning-disabledThis example disables the spanning tree algorithm for port Spanning-tree cost Priority The priority for a port. Range 0-240, in steps Spanning-tree port-priority Spanning-tree edge-port Syntax No spanning-tree edge-port Default Setting Spanning-treeedge-port4-229 Syntax No spanning-tree portfast Default SettingSpanning-tree portfast Auto Spanning-tree link-typeSpanning-tree loopback-detection Spanning-tree loopback-detection release-mode Spanning-tree mst cost Spanning-tree loopback-detection trap Spanning-tree mst port-priority4-234 Spanning-tree mst port-priority Show spanning-tree Spanning-tree protocol-migrationSyntax Spanning-tree protocol-migration interface Syntax Show spanning-tree interface mst instanceid Mstp Show spanning-tree mst configuration Gvrp and Bridge Extension Commands Vlan Commands59 VLANs Command Groups Function 60 Gvrp and Bridge Extension Commands Function Mode Show bridge-ext Syntax No bridge-ext gvrp Default SettingBridge-ext gvrp Show gvrp configuration Switchport gvrpSyntax No switchport gvrp Default Setting Syntax Show gvrp configuration interface Show garp timer Garp timer 61 Editing Vlan Groups Command Function Mode Syntax Show garp timer interfaceEditing Vlan Groups Vlan database Vlan Database Configuration By default only Vlan 1 exists and is activeVlan Show vlan 62 Configuring Vlan Interfaces Command Function Mode Configuring Vlan InterfacesInterface vlan Interface vlan Switchport acceptable-frame-types4-246 Switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport ingress-filtering Switchport acceptable-frame-typesSwitchport mode All frame types Switchport native vlan Switchport allowed vlan No VLANs are included in the forbidden list Switchport forbidden vlan Show vlan 63 Show Vlan Commands Function ModeDisplaying Vlan Information General Configuration Guidelines for QinQ 64 Ieee 802.1Q Tunneling Commands Function ModeDot1q-tunnel system-tunnel-control Syntax No dot1q-tunnel system-tunnel-control Show dot1q-tunnel4-253 Show interfaces switchport Switchport dot1q-tunnel mode This command displays information about QinQ tunnel ports Switchport dot1q-tunnel tpidShow dot1q-tunnel 0x8100 Switchport dot1q-tunnel mode Configuring Private VLANs65 Private Vlan Commands Edit Private Vlan Groups Private-vlan Display Private Vlan Information 65 Private Vlan Commands Function ModeConfigure Private Vlan Interfaces Private vlan association Private-vlan Normal Vlan Switchport mode private-vlanNo private-vlan primary-vlan-idassociation Isolated-vlan-id- ID of isolated VLAN. Range Switchport private-vlan host-associationSwitchport private-vlan isolated Show vlan private-vlan Switchport private-vlan mapping Syntax Show vlan private-vlan community isolated primary 66 Protocol-based Vlan Commands Function Mode Protocol-vlan protocol-group Configuring Groups No protocol groups are mapped to any VLANs Protocol-vlan protocol-group Configuring VLANsNo protocol groups are configured Syntax Show protocol-vlan protocol-group group-id Show protocol-vlan protocol-groupShow protocol-vlan protocol-group-vid Priority Commands Layer Priority Commands67 Priority Commands Command Groups Function 68 Priority Commands Layer Function Mode Syntax Queue mode strict wrr no queue mode Queue modeSwitchport priority default Queue bandwidth Queue bandwidth weight1...weight4 no queue bandwidthWeights 1, 2, 4, 8 are assigned to queues 0-3 respectively Queue cos-mapqueueid cos1 ... cosn no queue cos-map 69 Default CoS Values to Egress QueuesQueue cos-map Following example shows how to change the CoS assignments Show queue modeThis command shows the current queue mode Show queue bandwidth This command shows the class of service priority map Priority Commands Layer 370 Priority Commands Layer 3 Function Mode Show queue cos-map 71 IP Dscp to CoS Vales IP Dscp Value CoS Value Syntax No map ip dscp Default SettingMap ip dscp dscp-value cos cos-value no map ip dscp Syntax Show map ip dscp interface This command shows the IP Dscp priority mapShow map ip dscp 72 Quality of Service Commands Function Mode Quality of Service Commands Syntax No class-map class-map-namematch-any Class-map Show class map Class Map ConfigurationMatch No policy-mappolicy-map-name Policy-map No class class-map-name Policy Map ConfigurationClass Set Policy Map Class ConfigurationPolice Syntax No police rate-kbpsburst-byteexceed-action drop set No policy map is attached to an interface Service-policySyntax No service-policy input policy-map-name Show policy-map Show class-mapSyntax Show class-map class-map-name Show policy-mappolicy-map-name class class-map-name 73 Voice Vlan Commands Function Mode Voice Vlan CommandsShow policy-map interface Syntax Show policy-map interface interface input Voice vlan voice-vlan-id no voice vlan Voice vlan Voice vlan mac-address Voice vlan agingSyntax Voice vlan aging minutes no voice vlan Minutes Following example adds a MAC OUI to the OUI Telephony list Switchport voice vlanFollowing example sets port 1 to Voice Vlan auto mode Switchport voice vlan security Switchport voice vlan ruleSyntax No switchport voice vlan rule oui lldp OUI Enabled Lldp Disabled Following example enables security filtering on port Switchport voice vlan priorityPriority-value- The CoS priority value. Range Following example sets the CoS priority to 5 on port Syntax Show voice vlan oui status Show voice vlan Igmp Snooping Commands Multicast Filtering Commands74 Multicast Filtering Commands Command Groups Function 75 Igmp Snooping Commands Function Mode Following example enables Igmp snooping Syntax No ip igmp snooping Default SettingIp igmp snooping Ip igmp snooping vlan static Syntax No ip igmp snooping leave-proxy Default Setting Following configures the switch to use Igmp VersionIp igmp snooping version Ip igmp snooping leave-proxy Following shows how to enable immediate leave Interface Configuration VlanIp igmp snooping immediate-leave Syntax No ip igmp snooping immediate-leave vlan-id Following shows the current Igmp snooping configuration This command shows the Igmp snooping configurationThis command shows known multicast addresses Show ip igmp snooping 76 Igmp Query Commands Layer Function Mode Igmp Query Commands LayerSyntax No ip igmp snooping querier Default Setting Ip igmp snooping querier Ip igmp snooping query-count Following shows how to configure the query count toIp igmp snooping query-interval Times Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping router-port-expire-time Static Multicast Routing Commands77 Static Multicast Routing Commands Function Mode Show ip igmp snooping mrouter Ip igmp snooping vlan mrouterSyntax No ip igmp snooping vlan vlan-idmrouter interface Syntax Show ip igmp snooping mrouter vlan vlan-id 78 Igmp Filtering and Throttling Commands Function Mode Igmp Filtering and Throttling CommandsMulticast router port types displayed include Static 299 Ip igmp profile Syntax No ip igmp filter Default SettingSyntax No ip igmp profile profile-number Profile-number- An Igmp filter profile number. Range Permit, deny Syntax Permit deny Default SettingRange No range low-ip-address high-ip-address Syntax Ip igmp max-groups number no ip igmp max-groups Ip igmp max-groupsSyntax No ip igmp filter profile-number Syntax Ip igmp max-groups action replace deny Ip igmp max-groups action Show ip igmp profile Show ip igmp filterSyntax Show ip igmp filter interface interface Syntax Show ip igmp profile profile-number Syntax Show ip igmp throttle interface interface Show ip igmp throttle interface 79 Multicast Vlan Registration Commands Function Mode Multicast Vlan Registration Commands305 Multicast groups assigned to the MVR Vlan Mvr Interface Configuration 306 Show mvr Following shows the global MVR settingsSyntax Show mvr interface interface members ip-address 80 show mvr display description 82 show mvr members display description 81 show mvr interface display description 83 IP Interface Commands Function Mode IP Interface CommandsIp address 310 Syntax Ip default-gateway gateway no ip default-gateway Ip default-gatewayGateway IP address of the default gateway Following example defines a default gateway for this device This command displays the settings of an IP interface This command submits a Bootp or Dhcp client requestIp dhcp restart Show ip interface This command has no default for the host Ip default-gateway4-310Show ip redirects Ping 84 IP Source Guard Commands Function Mode IP Source Guard CommandsIp source-guard Syntax Ip source-guard sip sip-macno ip source-guard 314 No configured entries This example enables IP source guard on portIp source-guard binding No ip source-guard binding mac-addressvlan vlan-id Show ip source-guard This command shows the source guard binding tableShow ip source-guard binding Ip source-guard4-313 ip dhcp snooping Ip dhcp snooping vlan 85 Dhcp Snooping Commands Function Mode Dhcp Snooping CommandsSyntax No ip dhcp snooping Default Setting Ip dhcp snooping 318 This example enables Dhcp snooping for Vlan This example enables Dhcp snooping globally for the switchIp dhcp snooping vlan Ip dhcp snooping vlan 4-319 ip dhcp snooping trust Ip dhcp snooping trust Syntax No ip dhcp snooping trust Default Setting Ip dhcp snooping information option This example enables MAC address verificationIp dhcp snooping verify mac-address Replace This example enables the Dhcp Snooping Information OptionIp dhcp snooping information policy Show ip dhcp snooping This command shows the Dhcp snooping configuration settingsIp dhcp snooping database flash 86 Switch Cluster Commands Function Mode IP Cluster CommandsSyntax No cluster Default Setting Show ip dhcp snooping binding Syntax No cluster commander Default Setting Cluster commander Cluster member Cluster ip-poolSyntax Cluster ip-pool ip-addressno cluster ip-pool 10.254.254.1 Syntax Rcommand id member-id RcommandMember-id- The ID number of the Member switch. Range This command shows the switch clustering configuration Show cluster candidates This command shows the current switch cluster membersShow cluster members Software Features Appendix a Software Specifications Groups 1, 2, 3, 9 Statistics, History, Alarm, Event Management FeaturesStandards Igmp RFC 1112 IGMPv2 RFC Management Information Bases a Management Information Bases Software Specifications Symptom Action Table B-1 Troubleshooting Chart Using System Logs Boot Protocol Bootp Access Control List ACLClass of Service CoS Differentiated Services Code Point Service Dscp Generic Attribute Registration Protocol Garp Garp Vlan Registration Protocol GvrpGeneric Multicast Registration Protocol Gmrp Group Attribute Registration Protocol Garp Igmp Query Igmp SnoopingInternet Group Management Protocol Igmp In-Band Management Port Authentication Multicast SwitchingRemote Authentication Dial-in User Service Radius Network Time Protocol NTP Simple Network Management Protocol Snmp Secure Shell SSHSimple Network Time Protocol Sntp Spanning Tree Algorithm STA XModem Virtual LAN Vlan Numerics Index Index Link Layer Discovery Protocol See Index-4 Index-5 LLDP-MED TLV Type Length Value See alsoPage ES3528M-SFP E122007-DG-R01 149100035500A

Figure 3-65 MAC Authentication Port Configuration

4-166

4-123

Access Control Lists