Extended ACL

4 Command Line Interface

Syntax

[no] {permit deny} [protocol-number udp] {any source address-bitmask host source}

{any destination address-bitmask host destination}

[source-port sport [end]] [destination-port dport [end]]

[no] {permit deny} tcp

{any source address-bitmask host source}

{any destination address-bitmask host destination}

[source-port sport [end]] [destination-port dport [end]]

•protocol-number– A specific protocol number. (Range: 0-255)

•source – Source IP address.

•destination – Destination IP address.

•address-bitmask– Decimal number representing the address bits to match.

•host – Keyword followed by a specific IP address.

•sport – Protocol17 source port number. (Range: 0-65535)

•dport – Protocol17 destination port number. (Range: 0-65535)

•end – Upper bound of the protocol port range. (Range: 0-65535)

Default Setting

None

Command Mode

Command Usage

•All new rules are appended to the end of the list.

•Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.

Example

This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.

Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any

Console(config-ext-acl)#

17. Includes TCP, UDP or other protocol types.

4-142

Page 438

Image 438

Accton Technology ES3528M-SFP manual Any destination address-bitmask host destination, Extended ACL

Contents

Powered by Accton Page Fast Ethernet Switch ES3528M-SFP E122007-DG-R01 149100035500A Installation Guide About This GuidePage Contents Page Iii Page Contents Command Line Interface Vii Viii Contents Page Contents Xii Xiii Xiv Contents Appendix a Software Specifications Xvi Appendix B Troubleshooting Glossary IndexXvii Xviii Tables XixPage Xxi Xxii Figures Xxiii Figures Xxiv Xxv Xxvi Key Features Key FeaturesFeature Description Description of Software Features Introduction Description of Software Features Introduction Description of Software Features Function Parameter Default System DefaultsSystem Defaults Password super System Defaults Function Parameter Client Enabled Clock Synchronization Disabled NTP Connecting to the Switch Configuration Options Initial Configuration Required Connections Basic Configuration Remote ConnectionsConsole Connection Setting Passwords Setting an IP AddressManual Configuration Dynamic Configuration Enabling Snmp Management Access Trap Receivers 152154 159 Saving Configuration SettingsConfiguring Access for Snmp Version 3 Clients 160 Managing System Files Initial Configuration Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Button Configuration Options ActionPanel Display Revert Apply Help Main Menu Main Menu DescriptionSystem System Information Radius Group Settings TACACS+ Group SettingsHttps Settings Configures secure Http settings 107 116 149 155802.1Q Vlan 155 164 159Current Table 176 187 Port on this switch Remote Trunk InformationRemote Port Information 190 225 Static Multicast Router Port217 233 245 Configuration Enables Upnp and defines timeout values Displaying System Information Field Attributes Main Board Displaying Switch Hardware/Software VersionsCLI Specify the hostname, location and contact information Management Software Web Click System, Switch Information Switch Information Bridge Extension Configuration Displaying Bridge Extension Capabilities Command Attributes Setting the Switch’s IP AddressCLI Enter the following command 239 166 309310 Using DHCP/BOOTP 311 Enabling Jumbo Frames Managing Firmware Downloading System Software from a Server Copy Firmware Saving or Restoring Configuration Settings 11 Deleting Files Downloading Configuration Settings from a Server 12 Downloading Configuration Settings for Startup Console Port Settings 13 Setting the Startup Configuration Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet Basic Configuration Displaying Log Messages Configuring Event LoggingSystem Log Configuration CLI This example shows the event message stored in RAM Error resource exhausted Logging LevelsLevel Severity Name Description Remote Log Configuration Simple Mail Transfer Protocol 18 Remote Logs 19 Enabling and Configuring Smtp Resetting the System 20 Resetting the System Setting the System Clock Setting the Time ManuallyConfiguring Sntp Configuring NTP 21 Sntp Configuration 22 NTP Client Configuration Setting the Time Zone 23 Setting the System Clock Simple Network Management Protocol Level Group Read View Write View Notify View Security Setting Community Access StringsSNMPv3 Security Models and Levels User defined Access Mode Specifying Trap Managers and Trap Types Enabling Snmp Agent Status 156 Configuring SNMPv3 Management Access Setting the Local Engine IDWeb Click SNMP, Agent Status Configuring SNMPv3 Users Specifying a Remote Engine IDWeb Click SNMP, SNMPv3, Engine ID Configuring the Switch Configuring Remote SNMPv3 Users 29 Configuring SNMPv3 Users Configuring SNMPv3 Groups 30 Configuring Remote SNMPv3 Users Supported Notification Messages Private Traps SwPowerStatus 6.1.4.1.259.8.1.4.2.1.0.1Rmon Events ChangeTrap SwIpFilterRejectTrap 6.1.4.1.259.8.1.4.2.1.0.40 Setting SNMPv3 Views 31 Configuring SNMPv3 Groups 32 Configuring SNMPv3 Views User Authentication Configuring User Accounts 33 Access Levels Configuring Local/Remote Logon Authentication Command Usage Radius Settings Tacacs Settings 34 Authentication Settings 100 101 Configuring Encryption Keys Command Attributes Radius SettingsTACACS+ Settings AAA Authorization and Accounting 102 Configuring AAA Radius Group SettingsConfiguring AAA TACACS+ Group Settings 103 Configuring AAA Accounting 37 AAA TACACS+ Group Settings 38 AAA Accounting Settings AAA Accounting Update AAA Accounting 802.1X Port Settings106 AAA Accounting Exec Command Privileges 107 41 AAA Accounting Exec Command Privileges 108 AAA Accounting Summary AAA Accounting Exec SettingsAAA Accounting Summary AAA Accounting Statistics Summary Web Click Security, AAA, Summary 110 Authorization Settings 44 AAA Authorization Settings Authorization Exec Settings Authorization Summary109 Configuring Https Https System Support Web Browser Operating System Replacing the Default Secure-site Certificate 47 Https Settings Configuring the Secure Shell Address server ip-address Command Usage Authenticating SSH v1.5 Clients Authenticating SSH v2 Clients Configuring the SSH Server SSH server includes basic settings for authentication Generating the Host Key Pair 50 SSH Host-Key Settings Importing User Public Keys User Authentication 51 SSH User Public-Key Settings END SSH2 Public KEY Configuring Port Security Configuring 802.1X Port Authentication 111 Configuring the Switch 802.1X protocol provides client authentication Displaying 802.1X Global SettingsConfiguring 802.1X Global Settings CLI This example shows the default global setting for Configuring Port Settings for CLI This example enables 802.1X globally for the switch113 55 802.1X Port Configuration 114 116117 Displaying 802.1X Statistics 802.1X StatisticsParameter Description Web Authentication CLI This example displays the 802.1X statistics for port Configuring Web Authentication 57 Web Authentication Configuration Configuring Web Authentication for Ports Displaying Web Authentication Port Information 137 Re-authenticating Web Authenticated Ports Web Click Security, Web Authentication, Port Information Network Access MAC Address Authentication 136 Web Click Security, Network Access, Configuration Configuring the MAC Authentication Reauthentication TimeConfiguring MAC Authentication for Ports Mode Enables MAC authentication on a port. Default None 62 Network Access Port Configuration Configuring Port Link Detection CLI This example configures MAC authentication for port 63 Network Access Port Link Detection Configuration Displaying Secure MAC Address Information Port Indicates the port being configured MAC AuthenticationConfiguring MAC authentication parameters for ports 129 Access Control Lists 123 Configuring Access Control Lists Setting the ACL Name and Type Configuring a Standard IP ACL CLI This example creates a standard IP ACL named david140 Configuring an Extended IP ACL 141 103 68 Configuring Extended IP ACLs Configuring a MAC ACL Binding a Port to an Access Control List 146 Filtering IP Addresses for Management Access 143 108 CLI This example allows Snmp access for a specific client 71 Creating an IP Filter List Port Configuration Displaying Connection StatusField Attributes Web Basic Information ConfigurationField Attributes CLI Current Status Configuring Interface Connections CLI This example shows the connection status for Port173 168 167171 170 Creating Trunk Groups Statically Configuring a Trunk 74 Configuring Static Trunks Enabling Lacp on Selected Ports 181 75 Lacp Trunk Configuration Configuring Lacp Parameters Dynamically Creating a Port Channel182 76 Lacp Port Configuration Lacp Port Counters Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages Field Description 77 Lacp Port Counters Information CLI The following example displays Lacp counters Displaying Lacp Settings and Status for the Local Side Lacp Internal Configuration Information 78 Lacp Port Internal Information Displaying Lacp Settings and Status for the Remote Side 79 Lacp Port Neighbors Information Setting Broadcast Storm Thresholds 172 175 Configuring Port Mirroring 177 Configuring Rate Limits Rate Limit Configuration179 Showing Port Statistics 11 Port Statistics Etherlike StatisticsRmon Statistics Formed Oversize Frames Formed Fragments 83 Port Statistics CLI This example shows statistics for port Address Table SettingsSetting Static Addresses 174 Displaying the Address Table 190 85 Configuring a Dynamic Address Table 191 CLI This example sets the aging time to 300 seconds Spanning Tree Algorithm ConfigurationChanging the Aging Time 192 Designated Root Port Bridge Displaying Global Settings 139 87 Displaying Spanning Tree Information 235 Configuring Global Settings Global settings apply to the entire switchBasic Configuration of Global Settings Root Device Configuration Configuration Settings for Rstp Configuration Settings for Mstp 88 Configuring Spanning Tree Displaying Interface Settings AD B 89 Displaying Spanning Tree Port Information Configuring Interface Settings CLI This example shows the STA attributes for port 148 Configuring Multiple Spanning Trees CLI This example sets STA attributes for port 223 225224 Displaying Interface Settings for Mstp MST Instance ID Instance identifier to configure. Default 92 Displaying Mstp Interface Settings Configuring Interface Settings for Mstp 154 Vlan Configuration Ieee 802.1Q VLANsCLI This example sets the Mstp attributes for port Assigning Ports to VLANs Port-based Vlan Enabling or Disabling Gvrp Global Setting CLI This example enables Gvrp for the switchForwarding Tagged/Untagged Frames Command Attributes Web Displaying Basic Vlan InformationDisplaying Current VLANs 96 Displaying Current VLANs Command Attributes CLI Creating VLANs 250 242 Adding Static Members to VLANs Vlan IndexCLI This example creates a new Vlan 243 163 Adding Static Members to VLANs Port Index 248 Configuring Vlan Behavior for Interfaces 100 Configuring VLANs per Port Configuring Ieee 802.1Q Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Uplink Port Enabling QinQ Tunneling on the Switch Configuration Limitations for QinQGeneral Configuration Guidelines for QinQ 101 802.1Q Tunnel Status and Ethernet Type 251 CLI This example sets the switch to operate in QinQ modeAdding an Interface to a QinQ Tunnel 253 Private VLANs 252 Displaying Current Private VLANs Configuring Private VLANs 103 Private Vlan Information Associating VLANs Each community Vlan must be associated with a primary Vlan256 Displaying Private Vlan Interface Information 106 Private Vlan Port Information Configuring Private Vlan Interfaces 259 257 Protocol Vlan Group ConfigurationProtocol VLANs 258 Protocol Vlan System Configuration 261 Link Layer Discovery Protocol Setting Lldp Timing AttributesWeb Click VLAN, Protocol VLAN, System Configuration 262 182 197 Configuring Lldp Interface Attributes195 198 184 111 Lldp Port Configuration Displaying Lldp Local Device Information Displaying Lldp Remote Port Information 212 Displaying Lldp Remote Information Details 213 Displaying Device Statistics 115 Lldp Device Statistics Displaying Detailed Device Statistics 116 Lldp Device Statistics Details Class of Service Configuration Layer 2 Queue SettingsSetting the Default Priority for Interfaces Mapping CoS Values to Egress Queues Port Priority ConfigurationCLI This example assigns a default priority of 5 to port 265 Priority Level Traffic Type 12 Mapping CoS Values to Egress Queues13 CoS Priority Levels Background Enabling CoS 267269 Web Click Priority, Traffic Classes Status Selecting the Queue ModeSetting the Service Weight for Traffic Classes 268 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Switch allows you to enable or disable the IP Dscp priority Enabling IP Dscp Priority IP Dscp Value CoS Value Mapping Dscp Priority14 Mapping Dscp Priority Values 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Quality of Service 270271 Class map is used for matching packets to a specified class Configuring Quality of Service ParametersConfiguring a Class Map Class Map Class Configuration Match Class Settings 273 274 Policy Configuration Creating QoS PoliciesPolicy Map Policy Rule Settings Class Settings Policy Options 125 Configuring Policy Maps 276 Attaching a Policy Map to Ingress Queues275 277 VoIP Traffic Configuration Configuring VoIP Traffic Configuring VoIP Traffic Port 281282 128 VoIP Traffic Port Configuration 284 Configuring Telephony OUI283 285 129 Telephony OUI List Multicast Filtering Layer 2 Igmp Snooping and Query Configuring Igmp Snooping and Query Parameters 214 Enabling Igmp Immediate Leave Displaying Interfaces Attached to a Multicast Router 290 Specifying Static Interfaces for a Multicast Router 132 Displaying Multicast Router Port Information Displaying Port Members of Multicast Services 133 Static Multicast Router Port Configuration Assigning Ports to Multicast Services 134 IP Multicast Registration Table Igmp Filtering and Throttling 291 Enabling Igmp Filtering and Throttling 136 Enabling Igmp Filtering and Throttling Configuring Igmp Filter Profiles 298302 Configuring Igmp Filtering and Throttling for Interfaces Only one profile can be assigned to an interface299 138 Igmp Filter and Throttling Port Configuration 301 Multicast Vlan Registration300 303 Configuring Global MVR Settings General Configuration Guidelines for MVR Displaying MVR Interface Status 304 Displaying Port Members of Multicast Groups 307 Configuring MVR Interface Status Web Click MVR, Group IP Information 142 MVR Port Configuration Assigning Static Multicast Groups to Interfaces 305 Dhcp Snooping Web Click Dhcp Snooping, Configuration Dhcp Snooping ConfigurationDhcp Snooping Vlan Configuration Enables Dhcp snooping on the specified Vlan CLI This example first enables Dhcp Snooping for Vlan Dhcp Snooping Information Option ConfigurationWeb Click Dhcp Snooping, Vlan Configuration 319 Dhcp Snooping Port Configuration Web Click Dhcp Snooping, Information Option Configuration322 Dhcp Snooping Binding Information 320324 IP Source Guard Port Configuration IP Source Guard Static IP Source Guard Binding Configuration 313316 Web Click IP Source Guard, Static Configuration Dynamic IP Source Guard Binding Information IP Clustering Web Click IP Source Guard, Dynamic Information Cluster Configuration 152 Cluster Member Choice Adds Candidate switches to the cluster as Members Cluster Member ConfigurationWeb Click Cluster, Configuration 325 Cluster Candidate Information Displays current cluster Member switch informationCluster Member Information 328 Web Click Cluster, Candidate Information 156 Cluster Candidate Information UPnP 215 216217 Using the Command Line Interface Accessing the CLI Telnet Connection Getting Help on Commands Entering CommandsCommand Completion Keywords and Arguments Showing Commands Lldp Understanding Command Modes Negating the Effect of CommandsUsing Command History Partial Keyword Lookup Exec Commands Command Modes Consoleconfig-if# 166 Configuration CommandsConfiguration Modes Command Prompt Vlan database Consoleconfig-vlan 242 Consoleconfig#interface ethernet 1/5 Consoleconfig-if#exit Command Line Processing Command Line ProcessingKeystroke Function Command Groups Command Groups Description Line Commands Line Commands Function Mode Login Line Syntax Password 0 7 password no password PasswordUsername 4-38 password No password is specified Timeout login response Exec-timeout Password-thresh Syntax Exec-timeout seconds no exec-timeoutSyntax Password-thresh threshold no password-thresh Silent-time DatabitsSyntax Silent-time seconds no silent-time Parity Syntax Databits 7 8 no databitsSyntax Parity none even odd no parity Syntax Speed bps no speed SpeedStopbits Syntax Stopbits 1 Syntax Disconnect session-id DisconnectShow line Syntax Show line console vty General Commands Function Mode General CommandsEnable Syntax Enable level Enable DisableDisable Enable password Level Configure Show historyEnd Reload Reload cancelSyntax Reload cancel Syntax Reload in hour hours minute minutes Show reload Syntax Show reload Default SettingThis command returns to Privileged Exec mode End Exit This command exits the configuration programThis example shows how to quit a CLI session Quit System Management Commands Device Designation CommandsPrompt Hostname Banner Commands Function ModeBanner Syntax Hostname name no hostname Banner configure Syntax Banner configure Default Setting Banner configure company Name The name of the company. Maximum length 32 characters Banner configure dc-power-info Banner configure department Banner configure equipment-info Banner configure equipment-location Banner configure ip-lan Banner configure lp-number Lp-num- The LP number. Maximum length 32 characters Banner configure manager-info Banner configure muxSyntax Banner configure mux muxinfo Banner configure note No banner configure mux This command displays all banner information Syntax Show banner Default SettingShow banner 11 Default Login Settings Username Access-level Password User Access Commands10 User Access Commands Function Mode Username Enable password Default is level Default password is super IP Filter Commands 12 IP Filter Commands Function ModeManagement Show management Web Server Commands Ip http portIp http server Ip http port Syntax No ip http secure-server Default SettingIp http secure-server 14 Https System Support Web Browser Operating System Portnumber The UDP port used for HTTPS. Range Ip http secure-portIp http secure-port4-44 Copy tftp https-certificate Ip http secure-server4-43 Telnet Server Commands Ip telnet portIp telnet server Ip telnet port Secure Shell Commands16 SSH Commands Function Mode Sets the SSH server key size Copy tftp public-key System Management Commands Syntax No ip ssh server Default Setting Ip ssh serverIp ssh crypto host-key generate 4-51 show ssh Syntax Ip ssh timeout seconds no ip ssh timeout Ip ssh timeoutIp ssh authentication-retries Exec-timeout4-15 show ip ssh Ip ssh server-key size Delete public-keySyntax Delete public-key username dsa rsa Syntax Ip ssh crypto host-key generate dsa rsa Ip ssh crypto host-key generateIp ssh crypto zeroize Syntax Ip ssh crypto zeroize dsa rsa Ip ssh save host-key Show ip sshSyntax Ip ssh save host-key dsa rsa Show ssh 17 show ssh display descriptionTerminology Username Name of an SSH user. Range 1-8 characters Show public-keySyntax Show public-key user username host Shows all public keys Syntax No logging on Default Setting Event Logging Commands18 Event Logging Commands Function Mode Logging on Flash errors level 3 RAM warnings level 6 Logging history19 Logging Levels Syntax No logging host hostipaddress Logging hostLogging facility Hostipaddress The IP address of a syslog server Syntax Logging trap level no logging trap Logging trapClear logging Syntax Clear logging flash ram Show logging Syntax Show logging flash ram sendmail trap20 show logging flash/ram display description Syntax Show log flash ram login tail Facility commandLogging trap command Show log Logging sendmail host Smtp Alert Commands22 Smtp Alert Commands Function Mode Following example shows sample messages stored in RAM Logging sendmail level Syntax Logging sendmail level level Syntax No logging sendmail source-email email-address Logging sendmail source-emailLogging sendmail destination-email This example will set the source email john@acme.com Syntax No logging sendmail Default Setting Logging sendmailShow logging sendmail Syntax No sntp client Default Setting Time Commands23 Time Commands Function Mode Sntp client Sntp server Sntp server 4-66 sntp poll 4-67 show sntpSyntax Sntp server ip1 ip2 ip3 Sntp client 4-65 sntp poll 4-67 show sntp Sntp pollShow sntp Syntax Sntp poll seconds no sntp poll Syntax No ntp client Default Setting Ntp clientSntp client 4-65 ntp poll 4-70 ntp server Version number Ntp serverSyntax Ntp client 4-68 ntp poll 4-70 show ntp Ntp poll Ntp authenticateSyntax No ntp authenticate Default Setting Syntax Ntp poll seconds no ntp poll Ntp authentication-key Ntp authentication-key4-71 Show ntp Clock timezone-predefinedGMT-Greenwich-Mean-Time-Dublin,Edinburgh,Lisbon,London Clock timezone Clock summer-time date No clock summer-time 235959, Sunday, Week 5 of March 60 min Europe Clock summer-time predefinedAustralia 235959, Sunday, Week 3 of March 60 min Clock summer-time recurring Show calendar This command displays the system clockCalendar set Calendar set hour min sec day month year month day year System Status Commands Show startup-config25 System Status Commands Function Mode Show running-config Show running-config4-79 Command Line Interface Show startup-config4-78 This command displays system information Show systemShow users Show version Jumbo frame Enables support for jumbo frames Frame Size Commands26 Frame Size Commands Function Mode Syntax No jumbo frame Default Setting Copy Flash/File Commands27 Flash/File Commands Function Mode Copy None Following example shows how to download a configuration file Delete unit filename This command deletes a file or imageDelete Dir Delete public-key4-50 28 File Directory Information Syntax Dir unit boot-rom config opcode filenameDir Column Heading Description Syntax whichboot unit WhichbootBoot system Syntax Boot system unit boot-romconfig opcode filename Dir 4-89 whichboot Authentication CommandsAuthentication Sequence 29 Authentication Commands Command Group Function Authentication login Username for setting the local user names and passwordsLocal Authentication enable Enable password sets the password for changing command modes 31 Radius Client Commands Function Mode Show radius-server Shows the current Radius settingsRadius Client Radius-server host Default Setting Auth-portRetransmit Command Mode Radius-server acct-port Radius-server auth-port Radius-server keySyntax Radius-server key keystring no radius-server key Radius-server timeout Radius-server retransmitShow radius-server TACACS+ Client 32 Tacacs Commands Function ModeShow tacacs-server Shows the current TACACS+ settings 101 Tacacs-server host Tacacs-server key Default Setting PortTacacs-server port Syntax Tacacs-server port portnumber no tacacs-server port Tacacs-server timeout Tacacs-server retransmitSyntax Tacacs-server key keystring no tacacs-server key Show tacacs-server Aaa group server AAA Commands33 AAA Commands Function Mode Syntax No aaa group server radius tacacs+ group-name Aaa accounting dot1x Server Group ConfigurationServer No server index ip-address Accounting is not enabled No servers are specified Command Usage ExampleAaa accounting exec Aaa accounting commands Minute Accounting dot1x Interface ConfigurationSyntax Accounting exec default list-nameno accounting exec Accounting exec Accounting commands Aaa authorization exec Authorization exec Authorization is not enabled No servers are specified Ethernet unit/port Show accountingInterface Unit Stack unit. Range Port Port number. Range Status Disabled Action None Maximum Addresses Port Security Commands34 Port Security Commands Function Mode Interface Configuration Ethernet 802.1X Port Authentication 35 802.1X Port Authentication Command Function Mode 117 Be re-authenticated Dot1x timeout tx-period Dot1x defaultAcquire a new client Dot1x timeout re-authperiod Syntax No dotx system-auth-control Default Setting Dot1x port-control Default Command ModeDot1x max-req Syntax Dot1x max-req count no dot1x max-req Dot1x operation-mode Dot1x re-authenticateSyntax Dot1x re-authenticate interface Single-host Syntax No dot1x re-authentication Command Mode Dot1x re-authenticationDot1x timeout quiet-period Seconds The number of seconds. Range Dot1x timeout re-authperiod Dot1x timeout tx-period Block-traffic Dot1x intrusion-actionShow dot1x Syntax Show dot1x statistics interface interface Authenticator State Machine Backend State Machine Reauthentication State Machine State Current state including initialize, reauthenticate Max-mac-count Interface Mac-authentication Network-access mode36 Network Access Command Function Mode Syntax No network-access mode mac-authentication Network-access max-mac-count Interface Config Mac-authentication intrusion-actionMac-authentication max-mac-count 2048 Syntax No network-access dynamic-qos Default Setting Network-access dynamic-qosNetwork-access dynamic-vlan Syntax No network-access dynamic-vlan Default Setting Following example enables dynamic Vlan assignment on port Network-access guest-vlanNetwork-access link-detection No network-access link-detection Network-access link-detection link-down Network-access link-detection link-up Network-access link-detection link-up-down Mac-authentication reauth-time1800 Syntax Show network-access interface interface Clear network-accessShow network-access Unit This is unit Port Port number. Range Show network-access mac-address-table Displays the settings for all interfacesDisplays all filters 37 Web Authentication Command Function Mode Login-success-page-url Successful web authentication Web-auth login-attempts Web-auth login-fail-page-urlLogin attempts Web-auth login-page-url Web-auth login-success-page-urlSwitch-generated login Web-auth session-timeout Web-auth quiet-period No web-auth system-auth-control Web-auth system-auth-controlWeb-auth No web-auth This command displays global web authentication parameters Show web-authShow web-auth interface Web-auth re-authenticate Port Web-auth re-authenticate IP Show web-auth summary Show web-auth summary 138 Access Control List Commands Access Control Lists38 Access Control Lists Command Groups Function Syntax No access-list ip standard extended aclname Access-list ip39 IP ACLs Command Function Mode IP ACLs Syntax No permit deny any source bitmask host source Permit, deny Ip access-group4-143 show ip access-list4-143Access-list ip Standard ACL Any destination address-bitmask host destination Source-port sport end destination-port dport endExtended ACL Syntax Show ip access-list standard extended aclname Show ip access-listIp access-group Syntax No ip access-group aclname This command shows the ports assigned to IP ACLs Show ip access-groupShow ip access-list4-143 40 MAC ACL Commands Function Mode Access-list mac Syntax No access-list mac aclnameAclname Name of the ACL. Maximum length 16 characters Permit, deny MAC ACL Syntax Show mac access-list aclname Show mac access-listThis command displays the rules for configured MAC ACLs Permit, deny Mac access-group4-148 Syntax Mac access-group aclname Mac access-groupShow mac access-group Show mac access-list4-147 41 ACL Information Command Function Mode Show access-listShow access-group ACL Information Snmp Commands 42 Snmp Commands Function Mode Syntax No snmp-server Default Setting Snmp-serverShow snmp Snmp-server community Syntax Snmp-server contact string no snmp-server contact Snmp-server contactSnmp-server location Syntax Snmp-server location text no snmp-server location Snmp-server host Host Address None Notification Type Traps Snmp Version UDP Port Snmp-server enable traps Snmp-server enable trapsIssue authentication and link-up-down traps Snmp-server engine-id This command shows the Snmp engine ID This example shows the default engine IDShow snmp engine-id Examples Defaultview includes access to the entire MIB treeSnmp-server view This view includes MIB-2 Snmp-server group This command shows information on the Snmp viewsShow snmp view 44 show snmp view display description Show snmp group 162 Snmp-server user 45 show snmp group display description 164 This command shows information on Snmp users Show snmp user46 show snmp user display description Interface Interface Commands47 Interface Commands Function Mode Port-channel channel-idRange Description Speed-duplexSyntax Description string no description Syntax No negotiation Default Setting NegotiationNegotiation 4-168 capabilities Following example configures port 11 to use autonegotiation CapabilitiesCapabilities 4-169speed-duplex4-167 Syntax No flowcontrol Default Setting FlowcontrolNegotiation 4-168speed-duplex4-167 flowcontrol Syntax No shutdown Default Setting Shutdown Clear counters Switchport packet-ratePort-channel channel-idRange Default Setting Syntax Clear counters interface Following example clears statistics on port This command displays the status for an interfaceShow interfaces status Syntax Show interfaces status interface Syntax Show interfaces counters interface This command displays interface statisticsShow interfaces counters Shows the counters for all interfaces Show interfaces switchport Syntax Show interfaces switchport interfaceShows all interfaces 48 Interfaces Switchport Statistics Port monitor Mirror Port Commands49 Mirror Port Commands Function Mode Interface ethernet unit/port source port Show port monitor This command displays mirror informationFollowing shows mirroring configured from port 6 to port Syntax Show port monitor interface Rate-limit Configures the maximum input rate for a port 179 Rate Limit Commands50 Rate Limit Commands Function Mode Rate-limit 185 Link Aggregation Commands51 Link Aggregation Commands 173 General Guidelines Channel-groupGuidelines for Creating Trunks Dynamically Creating a Port Channel Syntax No lacp Default Setting LacpFollowing example creates trunk 1 and then adds port Lacp system-priority 32768 Lacp admin-keyEthernet Interface Lacp admin-key Port Channel Interface Configuration Port Channel This command displays Lacp information Lacp port-priorityShow lacp Type Port Channel all52 show lacp counters display description LACPDUs Illegal Pkts 53 show lacp internal display description 54 show lacp neighbors display description 55 show lacp sysid display description Mac-address-table static Address Table Commands56 Address Table Commands Function Mode Action Clear mac-address-table dynamic Show mac-address-tableMac-address- MAC address Mask Bits to match in the address Mac-address-table aging-time Sort Sort by address, vlan or interface Show mac-address-table aging-time Lldp Commands57 Lldp Commands Function Mode 196 Mac-phy Physical layer specifications Lldp dot3-tlv Vlan ID Lldp holdtime-multiplier Syntax no lldp Default SettingLldp Holdtime multiplier TTL 4*30 = 120 seconds Syntax Lldp medfaststartcount packets Lldp medFastStartCountLldp notification-interval Packets Syntax Lldp refresh-interval seconds no lldp refresh-delay Lldp refresh-interval Syntax Lldp reinit-delay seconds no lldp reinit-delay Lldp reinit-delayLldp tx-delay Syntax Lldp tx-delay seconds no lldp tx-delay Lldp notification Lldp admin-statusSyntax No lldp notification Default Setting Tx-rx Syntax No lldp mednotification Default Setting Lldp mednotification Lldp basic-tlv management-ip-address Lldp basic-tlv port-description Syntax No lldp basic-tlv port-description Default Setting Lldp basic-tlv system-capabilitiesLldp basic-tlv system-description Lldp basic-tlv system-name Syntax No lldp basic-tlv system-description Default SettingSyntax No lldp basic-tlv system-name Default Setting Lldp dot1-tlv proto-ident Lldp dot1-tlv proto-vid Syntax No lldp dot1-tlv proto-vid Default SettingNo lldp dot1-tlv proto-ident Lldp dot1-tlv pvid Lldp dot3-tlv link-agg Lldp dot1-tlv vlan-nameNo lldp dot1-tlv vlan-name No lldp dot3-tlv link-agg Lldp dot3-tlv max-frame Syntax No lldp dot3-tlv mac-phy Default SettingLldp dot3-tlv mac-phy Syntax No lldp dot3-tlv max-frame Lldp medtlv extpoe Syntax No lldp dot3-tlv poe Default SettingLldp dot3-tlv poe Syntax No lldp medtlv extpoe Lldp medtlv location Lldp medtlv inventoryNo lldp medtlv inventory No lldp medtlv location Lldp medtlv network-policy Lldp medtlv med-capNo lldp medtlv med-cap No lldp medtlv network-policy Detail Shows configuration summary Show lldp configSyntax Show lldp config detail interface Port-channel channel-idRange Command Mode 211 Show lldp info local-device Syntax Show lldp info local-device detail interfaceDetail Shows detailed information Syntax Show lldp info remote-device detail interface Show lldp info remote-deviceShow lldp info statistics Syntax Show lldp info statistics detail interface 214 Syntax No upnp device Default Setting UPnP CommandsUPnP Commands Function Mode Upnp device Syntax Upnp device ttl value Upnp device ttlUpnp device advertise duration Following example, the TTL is set to Spanning Tree Commands 58 Spanning Tree Commands Function ModeShow upnp Syntax No spanning-tree Default Setting Spanning tree is enabledSpanning-tree Spanning-tree mode Rstp Spanning-tree forward-time Spanning-tree hello-time Spanning-tree max-age Spanning-tree priority Spanning-tree pathcost methodSyntax Spanning-tree pathcost method long short Spanning-tree mst-configuration Spanning-tree transmission-limitNo spanning-tree pathcost method MST Configuration Mst vlanNo mst instanceid vlan vlan-range Mst instanceid priority priority no mst instanceid priority Mst priorityName Syntax Name name Syntax Revision number RevisionMax-hops Number Revision number of the spanning tree. Range This example disables the spanning tree algorithm for port Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting Spanning-tree cost Spanning-tree port-priority Priority The priority for a port. Range 0-240, in steps Syntax No spanning-tree edge-port Default Setting Spanning-tree edge-port Syntax No spanning-tree portfast Default Setting Spanning-tree portfastSpanning-treeedge-port4-229 Spanning-tree link-type Spanning-tree loopback-detectionAuto Spanning-tree loopback-detection release-mode Spanning-tree loopback-detection trap Spanning-tree mst cost Spanning-tree mst port-priority Spanning-tree mst port-priority4-234 Syntax Spanning-tree protocol-migration interface Spanning-tree protocol-migrationShow spanning-tree Syntax Show spanning-tree interface mst instanceid Mstp Show spanning-tree mst configuration 59 VLANs Command Groups Function Vlan CommandsGvrp and Bridge Extension Commands 60 Gvrp and Bridge Extension Commands Function Mode Syntax No bridge-ext gvrp Default Setting Bridge-ext gvrpShow bridge-ext Syntax No switchport gvrp Default Setting Switchport gvrpShow gvrp configuration Syntax Show gvrp configuration interface Garp timer Show garp timer Editing Vlan Groups Syntax Show garp timer interface61 Editing Vlan Groups Command Function Mode Vlan database Vlan By default only Vlan 1 exists and is activeVlan Database Configuration Show vlan Interface vlan Configuring Vlan Interfaces62 Configuring Vlan Interfaces Command Function Mode Interface vlan Switchport mode All ports are in hybrid mode with the Pvid set to VlanSwitchport acceptable-frame-types4-246 Switchport mode Switchport acceptable-frame-typesSwitchport ingress-filtering All frame types Switchport native vlan Switchport allowed vlan Switchport forbidden vlan No VLANs are included in the forbidden list 63 Show Vlan Commands Function Mode Displaying Vlan InformationShow vlan Dot1q-tunnel system-tunnel-control 64 Ieee 802.1Q Tunneling Commands Function ModeGeneral Configuration Guidelines for QinQ Syntax No dot1q-tunnel system-tunnel-control Switchport dot1q-tunnel mode Show dot1q-tunnel4-253 Show interfaces switchport Show dot1q-tunnel Switchport dot1q-tunnel tpidThis command displays information about QinQ tunnel ports 0x8100 65 Private Vlan Commands Configuring Private VLANsSwitchport dot1q-tunnel mode Edit Private Vlan Groups Private-vlan 65 Private Vlan Commands Function Mode Configure Private Vlan InterfacesDisplay Private Vlan Information Private-vlan Private vlan association Switchport mode private-vlan No private-vlan primary-vlan-idassociationNormal Vlan Switchport private-vlan host-association Switchport private-vlan isolatedIsolated-vlan-id- ID of isolated VLAN. Range Switchport private-vlan mapping Show vlan private-vlan Syntax Show vlan private-vlan community isolated primary Protocol-vlan protocol-group Configuring Groups 66 Protocol-based Vlan Commands Function Mode Protocol-vlan protocol-group Configuring VLANs No protocol groups are configuredNo protocol groups are mapped to any VLANs Show protocol-vlan protocol-group Show protocol-vlan protocol-group-vidSyntax Show protocol-vlan protocol-group group-id 67 Priority Commands Command Groups Function Priority CommandsPriority Commands Layer 68 Priority Commands Layer Function Mode Queue mode Switchport priority defaultSyntax Queue mode strict wrr no queue mode Queue bandwidth weight1...weight4 no queue bandwidth Weights 1, 2, 4, 8 are assigned to queues 0-3 respectivelyQueue bandwidth 69 Default CoS Values to Egress Queues Queue cos-mapQueue cos-mapqueueid cos1 ... cosn no queue cos-map This command shows the current queue mode Show queue modeFollowing example shows how to change the CoS assignments Show queue bandwidth 70 Priority Commands Layer 3 Function Mode Priority Commands Layer 3This command shows the class of service priority map Show queue cos-map Syntax No map ip dscp Default Setting Map ip dscp dscp-value cos cos-value no map ip dscp71 IP Dscp to CoS Vales IP Dscp Value CoS Value This command shows the IP Dscp priority map Show map ip dscpSyntax Show map ip dscp interface Quality of Service Commands 72 Quality of Service Commands Function Mode Class-map Syntax No class-map class-map-namematch-any Class Map Configuration MatchShow class map Policy-map No policy-mappolicy-map-name Policy Map Configuration ClassNo class class-map-name Police Policy Map Class ConfigurationSet Syntax No police rate-kbpsburst-byteexceed-action drop set Service-policy Syntax No service-policy input policy-map-nameNo policy map is attached to an interface Syntax Show class-map class-map-name Show class-mapShow policy-map Show policy-mappolicy-map-name class class-map-name Show policy-map interface Voice Vlan Commands73 Voice Vlan Commands Function Mode Syntax Show policy-map interface interface input Voice vlan Voice vlan voice-vlan-id no voice vlan Syntax Voice vlan aging minutes no voice vlan Voice vlan agingVoice vlan mac-address Minutes Switchport voice vlan Following example sets port 1 to Voice Vlan auto modeFollowing example adds a MAC OUI to the OUI Telephony list Syntax No switchport voice vlan rule oui lldp Switchport voice vlan ruleSwitchport voice vlan security OUI Enabled Lldp Disabled Priority-value- The CoS priority value. Range Switchport voice vlan priorityFollowing example enables security filtering on port Following example sets the CoS priority to 5 on port Show voice vlan Syntax Show voice vlan oui status 74 Multicast Filtering Commands Command Groups Function Multicast Filtering CommandsIgmp Snooping Commands 75 Igmp Snooping Commands Function Mode Ip igmp snooping Syntax No ip igmp snooping Default SettingFollowing example enables Igmp snooping Ip igmp snooping vlan static Ip igmp snooping version Following configures the switch to use Igmp VersionSyntax No ip igmp snooping leave-proxy Default Setting Ip igmp snooping leave-proxy Ip igmp snooping immediate-leave Interface Configuration VlanFollowing shows how to enable immediate leave Syntax No ip igmp snooping immediate-leave vlan-id This command shows known multicast addresses This command shows the Igmp snooping configurationFollowing shows the current Igmp snooping configuration Show ip igmp snooping Syntax No ip igmp snooping querier Default Setting Igmp Query Commands Layer76 Igmp Query Commands Layer Function Mode Ip igmp snooping querier Ip igmp snooping query-interval Following shows how to configure the query count toIp igmp snooping query-count Times Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping query-max-response-time Static Multicast Routing Commands 77 Static Multicast Routing Commands Function ModeIp igmp snooping router-port-expire-time Syntax No ip igmp snooping vlan vlan-idmrouter interface Ip igmp snooping vlan mrouterShow ip igmp snooping mrouter Syntax Show ip igmp snooping mrouter vlan vlan-id Multicast router port types displayed include Static Igmp Filtering and Throttling Commands78 Igmp Filtering and Throttling Commands Function Mode 299 Syntax No ip igmp profile profile-number Syntax No ip igmp filter Default SettingIp igmp profile Profile-number- An Igmp filter profile number. Range Range Syntax Permit deny Default SettingPermit, deny No range low-ip-address high-ip-address Ip igmp max-groups Syntax No ip igmp filter profile-numberSyntax Ip igmp max-groups number no ip igmp max-groups Ip igmp max-groups action Syntax Ip igmp max-groups action replace deny Syntax Show ip igmp filter interface interface Show ip igmp filterShow ip igmp profile Syntax Show ip igmp profile profile-number Show ip igmp throttle interface Syntax Show ip igmp throttle interface interface 305 Multicast Vlan Registration Commands79 Multicast Vlan Registration Commands Function Mode Multicast groups assigned to the MVR Vlan Mvr Interface Configuration 306 Syntax Show mvr interface interface members ip-address Following shows the global MVR settingsShow mvr 80 show mvr display description 81 show mvr interface display description 82 show mvr members display description Ip address IP Interface Commands83 IP Interface Commands Function Mode 310 Gateway IP address of the default gateway Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Following example defines a default gateway for this device Ip dhcp restart This command submits a Bootp or Dhcp client requestThis command displays the settings of an IP interface Show ip interface Show ip redirects Ip default-gateway4-310This command has no default for the host Ping Ip source-guard IP Source Guard Commands84 IP Source Guard Commands Function Mode Syntax Ip source-guard sip sip-macno ip source-guard 314 Ip source-guard binding This example enables IP source guard on portNo configured entries No ip source-guard binding mac-addressvlan vlan-id Show ip source-guard binding This command shows the source guard binding tableShow ip source-guard Ip source-guard4-313 ip dhcp snooping Ip dhcp snooping vlan Syntax No ip dhcp snooping Default Setting Dhcp Snooping Commands85 Dhcp Snooping Commands Function Mode Ip dhcp snooping 318 Ip dhcp snooping vlan This example enables Dhcp snooping globally for the switchThis example enables Dhcp snooping for Vlan Ip dhcp snooping vlan 4-319 ip dhcp snooping trust Syntax No ip dhcp snooping trust Default Setting Ip dhcp snooping trust This example enables MAC address verification Ip dhcp snooping verify mac-addressIp dhcp snooping information option This example enables the Dhcp Snooping Information Option Ip dhcp snooping information policyReplace This command shows the Dhcp snooping configuration settings Ip dhcp snooping database flashShow ip dhcp snooping Syntax No cluster Default Setting IP Cluster Commands86 Switch Cluster Commands Function Mode Show ip dhcp snooping binding Cluster commander Syntax No cluster commander Default Setting Syntax Cluster ip-pool ip-addressno cluster ip-pool Cluster ip-poolCluster member 10.254.254.1 Member-id- The ID number of the Member switch. Range RcommandSyntax Rcommand id member-id This command shows the switch clustering configuration This command shows the current switch cluster members Show cluster membersShow cluster candidates Appendix a Software Specifications Software Features Standards Management FeaturesGroups 1, 2, 3, 9 Statistics, History, Alarm, Event Igmp RFC 1112 IGMPv2 RFC Management Information Bases Management Information Bases a Software Specifications Table B-1 Troubleshooting Chart Symptom Action Using System Logs Class of Service CoS Access Control List ACLBoot Protocol Bootp Differentiated Services Code Point Service Dscp Generic Multicast Registration Protocol Gmrp Garp Vlan Registration Protocol GvrpGeneric Attribute Registration Protocol Garp Group Attribute Registration Protocol Garp Internet Group Management Protocol Igmp Igmp SnoopingIgmp Query In-Band Management Remote Authentication Dial-in User Service Radius Multicast SwitchingPort Authentication Network Time Protocol NTP Simple Network Time Protocol Sntp Secure Shell SSHSimple Network Management Protocol Snmp Spanning Tree Algorithm STA Virtual LAN Vlan XModem Index Numerics Index Link Layer Discovery Protocol See Index-4 Index-5 Type Length Value See also LLDP-MED TLVPage ES3528M-SFP E122007-DG-R01 149100035500A

Accton Technology ES3528M-SFP Any destination address-bitmask host destination, Extended ACL

Models: ES3528M-SFP

4 Command Line Interface

{any destination address-bitmask host destination}

[source-port sport [end]] [destination-port dport [end]]

Default Setting

None

Extended ACL

Command Usage

Example