ACL Example, Permit denystandard | Accton Technology ES4710BD

ES4710BD 10 Slots L2/L3/L4 Chassis Switch

Switch(Config)#ip access list extended udpFlow Switch(Config-Ext-Nacl-udpFlow)#deny igmp any-source any-destination Switch(Config-Ext-Nacl-udpFlow)#permit udp any-source host-destination 192.168.0.1 d-port 32

12.2.2.9permit deny(standard)

Command: {deny permit} {{<sIpAddr> <sMask>} any-source {host-source <sIpAddr>}} no {deny permit} {{<sIpAddr> <sMask>} any-source {host-source <sIpAddr>}}

Function: Creates a standard name-based IP access rule; the “no” form command deletes the name-based standard IP access rule

Parameters: <sIpAddr> is the source IP address in decimal format; <sMask> is the mask complement for source IP in decimal format.

Command Mode: named-based standard IP ACL configuration mode

Default: No IP address is configured by default.

Example: Allowing packets from 10.1.1.0/24 and denying packets from 10.1.1.0/16. Switch(Config)# ip access list standard ipFlow Switch(Config-Std-Nacl-ipFlow)# permit 10.1.1.0 0.0.0.255 Switch(Config-Std-Nacl-ipFlow)# deny 10.1.1.0 0.0.255.255

12.3ACL Example

Scenario 1:

The user has the following configuration requirement: port 1/10 of the switch connects to 10.0.0.0/24 segment, ftp is not desired for the user.

Configuration description:

1． Create a proper ACL

2． Configuring packet filtering function

3． Bind the ACL to the port

The configuration steps are listed below:

Switch(Config)#access list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21 Switch(Config)#firewall enable

Switch(Config)#firewall default permit

Switch(Config)#interface ethernet 1/10

275

Image 276

Accton Technology ES4710BD manual ACL Example, Permit denystandard, Scenario

Contents

Slots L2/L3/L4 Chassis Switch User’s Guide ES4710BD Preface Content Chapter Hardware Installation Chapter Setup Configuration Main Module Front Panel Basic Switch Configuration Configuring Switch Ipaddresses Switch Upgrade Chapter Device Management Port Configuration MAC Table Configuration MAC Address Function Extension Chapter Vlan Configuration Mstp Configuration Mstp Example Chapter ACL Configuration Chapter Port Channel Configuration Chapter Dhcp Configuration Sntp Configuration Commands 15.4 IP Forwarding Route Table 18.2.4 Ospf 404 18.4.1 445 Chapter Multicast Protocol Configuration 19.5 501 802.1X Configuration Vrrp Configuration 21.4.10 Configure Authentication String For Vrrp 546 Product Brief Product OverviewIntroduction Features „ IEEE802.1x Access Authentication „ Layer 3 Forwarding„ Layer 3 Routing Protocols „ QoS Main Features Technical specifications „ Protocols and Standards„ Management Protocols and Methods „ MIB Library Physical Specifications Hardware ComponentsChassis Board Rack Power Supply Ventilation and Cooling SystemIntroduction to ES4710BD cards Front Panel Indicator Panel Symbol Status Description2.1 EM4710BD-AGENT Front Panel Property Specification Front Panel Console PortFront Panel Management Port Front Panel Reset Button Panel Status Description Symbol2.2 EM4700BD-12GT-RJ45 Front Panel Swap Button Port Type Specification Front Panel Port Description2.3 EM4700BD-12GX-SFP EM4700BD-12GX-SFP Front Panel view 2.4 EM4700BD-2XG-XENPAK Panel Status Description Indicator Symbol Xenpak 2.5 EM-7600-ES and EM-7600-ES-2GB SFP 3 EM4710BD-AC and EM-7608-DC 3.1 EM4710BD-AC Alternating Current Power Module 3.2 EM-7608-DC Direct Current Power ModulePower module Front Panel Power Distribution Box System Backplane Fan TrayDust Gauze Rear Panel Side Panels System Features Flash Safety Information Hardware InstallationSafety Warning Hot Line Work Safety Guidelines ES4710BD 10 Slots L2/L3/L4 Chassis Switch Temperature and Humidity Requirements Site Requirements Dust and Particles Rack Configuration Preventing Electrostatic Discharge DamageAnti-interference Requirements Preparing for Installation Power Supply RequirementsChecking Switch Hardware Configuration and Accessories Hardware Installation Required Tools and UtilitiesItem No Part name Number Memo ES4710BD 10 Slots L2/L3/L4 Chassis Switch Switch Installation Desktop installation Installation StepsRack-mounting ES4710BD Switch grounding Wearing an ESD Wrist Strap Card and module installation Proper groundingLightning protection grounding Electromagnetic compliance grounding Removing and Installing the Cards Removing and installing the Dust GauzeRemoving and Installing the Fan Tray Removing and Installing Power Supply Modules Connecting to the console Connecting to the Management Port SFP transceiver installationXenpak transceiver installation Power supply connection Connection procedure for fibers are listed belowCopper Cable/Fiber Cable Connection Ethernet cable connection ES4710BD 10 Slots L2/L3/L4 Chassis Switch Setup Configuration Setup ConfigurationMain Setup Menu Setup Submenu Configuring switch hostname Configuring Vlan1 Interface Telnet Server Configuration 器的状 Configuring Web Server Configuring Snmp 配置 Traps 主机 IP 地址和 Exiting Setup Configuration Mode Switch Management Management OptionsOut-of-band Management Device Name Description Type a name for opening HyperTerminal, such as Switch 5The HyperTerminal window appears SWITCH# In-band Management Management via Telnet Connect with Ethernet cable Switch#config SwitchConfig#telnet-user test password 0 test Telnet-user user password 07 password Managing the Switch through ECview Management Interface Configuration Modes User ModeCLI Interface Admin Mode Global ModeInterface Mode Vlan Mode Dhcp Address Pool ModeRoute Mode ACL Mode Configuration Syntax Shortcut Key SupportExtended Cmdtxt variable enum1 … enumN option Returned Information error Help functionInput verification Returned Information success Fuzzy match support Web Management Main Module Front Panel Basic Switch Configuration Commands Basic Switch ConfigurationConfig Enable Enable password Exec timeout Exit HelpIp host Set default HostnameReload Maintenance and Debug Commands SetupLanguage Write Telnet Introduction to Telnet Password Telnet Task SequenceIp-addr Telnet Commands MonitorTelnet Telnet-server enable Telnet-server securityipTelnet-user Related command ip host Command show clockTraceroute Show Show debugging Show flashShow history Show running-config Command show memoryCommand show running-config Show memory Show startup-config Show switchport interfaceCommand show startup-config Command show switchport interface ethernet interface-list Show telnet login Show tcpShow udp Show telnet user Show versionDebug Configuring Switch IP Addresses Configuring Switch IP Addresses Task SequenceSecondary Command deletes No ip address ipaddress mask Commands for Configuring Switch IP Addresses Ip address Ip bootp-client enableCommand ip bootp-client enable no ip bootp-client enable Configuring Snmp Ip dhcp-client enableIntroduction to Snmp Introduction to MIB Introduction to Rmon Configuring Snmp Snmp Configuration Task Sequence Snmp Configuration Commands RmonSnmp-server community Host-addr Snmp-server enable Snmp-server enable traps Typical Snmp Configuration Examples Command snmp-server host host-addr community-stringSnmp-server host Snmp-server securityip Snmp Troubleshooting Help Monitor and Debug Commands Command show snmpShow snmp Total number of Snmp packet inputs Command show snmp status Show snmp statusSystem name Switch Upgrade Snmp Troubleshooting HelpCommand debug snmp packet no debug snmp packet Debug snmp packet BootROM Upgrade Step 192.168.1.66 2 FTP/TFTP Upgrade Introduction to FTP/TFTP Other commands in BootROM mode 124 2.2 FTP/TFTP Configuration 2.2.1 FTP/TFTP Configuration Task Sequence Copy source-url destination-url ascii Dir ftpServerUrl 2.2.2 FTP/TFTP Configuration Commands Copy（FTP） Command copy source-urldestination-urlascii binaryNumber Interval Related command write Command dir ftp-server-url2.2.4 dir Ftp server ip address Ftp-server enable Ftp-server timeoutRelated command ip ftp Command ftp-server timeout seconds Ip ftp Copy（TFTP） Tftp-server enable Related command tftp-server timeout 2.3 FTP/TFTP Configuration Examples Tftp-server transmission-timeoutCommand tftp-server retransmission-number number Command tftp-server transmission-timeout seconds 133 134 135 2.4 FTP/TFTP Troubleshooting Help Monitor and Debug Commands Show ftpFTP Configuration Command show ftp Show tftp Command show tftp FTP Troubleshooting Help Tftp Troubleshooting Help Switch basic configuration Basicconfig Configure exec timeout Snmp configurationSnmp manager configuration Trap manager configuration Configure IP address of Snmp manager Rmon and trap configuration Snmp statistics Switch upgrade Tftp client configurationTftp server configuration FTP client configuration FTP server configuration Maintenance and debug command Debug command Show vlan port property Basic introduction to switch Others Switch on-off information Switch MaintenanceWeb server user configuration Exit current web configuration Save current running-configReboot Reboot with the default configuration Telnet security IP Device Management Configuration Device Management BriefDevice Management Show slot Show fan Command show fan Show powerCommand show power Parameters N/A Card Hot-Swap Operation Card Hot-InsertionCard Hot-Remove Debug devsm Configuration Recover Rules Active-Standby Alternation Reset specific module Show slot Show power Show fanShow module in slot Port Configuration Introduction to Port Port Configuration Names or cancels the name of specified portsName string No name Ethernet Port Configuration Commands Bandwidth Combo-forced-mode Command flow control no flow control Flow control Interface ethernet Loopback1.2.6 mdi Command name string no name Command negotiation onoffName Negotiation Command shutdown no shutdown Rate-suppressionShutdown Enter Vlan Mode Speed-duplex Vlan Interface Configuration Commands Vlan-id commandInterface vlan Ip address Enter the network management port configuration mode Network Management Port Configuration Commands Duplex Command interface ethernet interface-name Port Mirroring Configuration Introduction to Port Mirroring Command speed auto force10 force100Speed Port Mirroring Configuration Task Sequence Port Mirroring ConfigurationMonitor session source interface Device Mirroring Troubleshooting Help Monitor and Debug Commands Show monitorPort Mirroring Examples Monitor session destination interface Port Configuration Example Device Mirroring Troubleshooting Help Port Troubleshooting Help Monitor and Debug Commands Clear countersPort-channel-number interface-name Port Troubleshooting Help Show interface Ethernet port configuration Physical port configurationBandwidth control Vlan interface configuration Allocate IP address for L3 port 2.2 L3 port IP addr mode configuration Mirror configuration Port debug and maintenance Show port information MAC Table Configuration Introduction to MAC Table Obtaining MAC Table PC1 PC2 PC3 PC4 Forward or Filter MAC Table Configuration Mac-address-table aging-timeMac-address-table static Interface-name Typical Configuration Examples Mac-address-table blackhole Troubleshooting Help Command show mac-address-table aging-time Troubleshooting Help Show mac-address-table staticShow mac-address-table blackhole MAC Address Binding Configuration MAC Address Binding Configuration Task SequenceEnable MAC address binding function for the ports MAC Address Function Extension Switchport port-security mac-address No switchport port-security Mac-addressCommand deletes static secure MAC address Mac-address Switchport port-security convert Switchport port-security lockCommand switchport port-security convert Switchport port-security timeout Switchport port-security mac-address Switchport port-security maximum Clear port-security dynamic Mac Address Binding Troubleshooting Help Switchport port-security violationCommand show port-security Command show port-security interface interface-id Show port-security interface Command show port-security address interface interface-id Show port-security address Mac address table configuration Unicast address configurationMAC Address Binding Troubleshooting Help Delete unicast address MAC address query Show MAC address table Enable port MAC-Binding Enable port MAC-BindingLock port Lock port Enable port security timeout Binding MACClearing port MAC MAC binding attribution configuration Maximum port security IP number configurationPort violation mode MAC binding debug Show MAC binding security address Vlan Configuration Introduction to Vlan Vlan Configuration Vlan Configuration Task SequenceVlan vlan-id Name vlan-name Vlan Configuration Commands Switchport access vlan Command name vlan-nameno nameCommand mode Vlan Mode Name Switchport interface Switchport modeSwitchport trunk allowed vlan Command switchport mode trunkaccess Switchport trunk native vlan Vlan ingress disableCommand vlan ingress disable no vlan ingress disable Configuration Configuration description Typical Vlan Application Switch a Switch B Gvrp Configuration Gvrp Configuration Task Sequence Gvrp Commands Garp timer join Garp timer leave Garp timer hold Garp timer leaveallCommand garp timer hold timer-valueno garp timer hold Command gvrp no gvrp Typical Gvrp Application Global Gvrp Vlan Troubleshooting Help Command show vlan brief summary id vlan-id name vlan-nameMonitor and Debug Information Show vlan Show garp Show gvrpDebug gvrp Vlan Troubleshooting Help Create/remove VlanVID allocation VID attribution configuration Allocate port for VlanAllocate port for Vlan Port type configuration Set port modetrunk/access Trunk port configuration Vlan setting for trunk port Enable/Disable Vlan ingress rule Vlan setting for access portSet allow Vlan Gvrp configuration Enable global GvrpEnable port Gvrp Disable Vlan ingress rule Vlan debug and maintenance Mstp Configuration Introduction to Mstp Mstp field MST field operation MST inter-field operation Port role Mstp Configuration Mstp configuration task sequence Creates a Instance and configures Instance instance-id vlan vlan-listNo instance instance-id vlan vlan-list Mapping between a Vlan and Instance Introduction to Mstp configuration commands Abort Command abortInstance vlan Command name name no name Revision-level Command spanning-tree no spanning-tree Spanning-treeSpanning-tree forward-time Spanning-tree hello-time Spanning-tree link-type p2p Spanning-tree maxage Command spanning-tree mcheck Spanning-tree max-hopSpanning-tree mcheck Spanning-tree mode Spanning-tree mst configuration Spanning-tree mst cost Spanning-tree mst port-priority Command spanning-tree portfast no spanning-tree portfast Spanning-tree mst prioritySpanning-tree portfast Mstp Example SW4 Configurations adjustment Switch SW2 Switch SW3 Switch SW4 Instance0 topology after Mstp change Mstp Troubleshooting Help Monitor and Debug Command Show spanning-tree FWD Mstr Bridge information Instance InformationRoot Id Ext.RootPathCost Show mst configuration Command show spanning-tree mst configCommand show mst-pending Show mst-pending Mstp Troubleshooting Help Command debug spanning-tree no debug spanning-treeDebug spanning-tree Instance configuration Mstp field operationField operation Revision level control Edge port setting Port priority settingPort route cost setting Mstp mode Mstp global control Set the max age time for Bpdu information in the switch Set switch to spanning tree mode Show Mstp setting Instance information Mstp field information Igmp Snooping Configuration Igmp Snooping ConfigurationIgmp Snooping Configuration Task Introduction to Igmp Snooping Igmp Snooping Configuration Command Ip igmp snooping Ip igmp snooping vlan Ip igmp snooping vlan mrouter Ip igmp snooping vlan static Ip igmp snooping vlan immediate-leaveIp igmp snooping vlan query No ip igmp snooping vlan vlan-idstatic multicast-ip-addr Ip igmp snooping vlan query robustness Ip igmp snooping vlan query intervalIp igmp snooping vlan query max-response-time Configuration steps are listed below Igmp Snooping Example Multicast Configuration Igmp Snooping listening resultScenario 2. Igmp Query Igmp Snooping Troubleshooting Help Monitor and Debug Commands Show ip igmp snoopingCommand show ip igmp snooping vlan vlan-id 259 260 Command show mac-address-table multicast vlan vlan-id Command debug ip igmp snooping no debug ip igmp snoopingShow mac-address-table multicast Debug igmp snooping Igmp Snooping Troubleshooting Help Turning on the Igmp snooping function Query configuration Snooping configurationConfiguration display Igmp snooping static multicast configuration Igmp snooping display 265 ACL Configuration Access listAccess-group Access list Action and Global Default Action ACL configuration ACL Configuration Task Sequence SMask SIpAddrDIpAddr DMask DIpAddr Icmp-type DIpAddr Icmp-type Icmp-code Tos Host-source sIpAddr dIpAddr dMask ACL Configuration Commands Access-listextended Port the no ip access-group name Access liststandard Firewall defaultCommand firewall enable disable Firewall Ip access extended Ip access standardIp access-group Command firewall default permit deny Permit denyextended ACL Example Permit denystandardScenario ACL Troubleshooting Help ACL Debug and Monitor Commands Show access listsConfiguration result Command show access lists numacl-name Show access-group Command show access-group interface nameCommand show firewall Parameters N/A Default N/A ACL Troubleshooting Help Command mode Admin Mode Usage Guide Example Numeric standard ACL configuration Configure the numeric extended ACLDelete numeric IP ACL 280 281 Configure extended ACL name configuration Firewall configuration ACL port binding Port Channel Configuration Introduction to Port Channel Port Channel Configuration Port Channel Configuration Task Sequence Port Channel Configuration Commands Port-group Port-group modeTheir mode No port-groupport-group-number Command port-group port-group-numbermode activepassiveon Command interface port-channel port-channel-numberCommand mode Global Mode Default Interface port-channel Scenario 1 Configuring Port Channel in Lacp Port Channel Example Switch2 Config-If-Port-Channel2# Port Channel Troubleshooting Help Monitor and Debug Commands Show port-group 291 Machine state and port state of the port are as follows 293 Command debug lacp no debug lacp Debug lacp Port Channel Troubleshooting Help Lacp port group configuration Lacp port configuration Display port member Dhcp Configuration Introduction to Dhcp Dhcp Server Configuration Dhcp Sever Configuration Task SequenceNetwork-number Bootfile filename Mber｝Option code ascii string hex hex High-address Dhcp Server Configuration Commands Bootfile Client-identifierClient-identifierunique-identifier Default-router Command default-routeraddress1address2…address8Command dns-serveraddress1address2…address8 Client-name Command host address mask prefix-length Domain-nameHardware-address Host Related command hardware-address, client-identifier Related command clear ip dhcp conflictIp dhcp conflict logging Ip dhcp excluded-address Command ip dhcp pool name no ip dhcp pool name Command loghost dhcp ip-address port no loghost dhcpIp dhcp pool Loghost dhcp Netbios-name-server Netbios-node-typeCommand lease days hoursminutes infinite no lease Command network-addressnetwork-number mask prefix-length Command next-serveraddress1address2…address8Network-address Next-server Dhcp Relay Configuration Service dhcpCommand service dhcp no service dhcp Dhcp Relay Configuration Task Sequence Enable Dhcp relay Dhcp Relay Configuration Command Ip forward-protocol udp Drop Information policy drop command allowsIp helper-address Ip dhcp relay information policy drop Dhcp Configuration Example Ip dhcp relay information policy drop 311 312 Dhcp Troubleshooting Help Monitor and Debug Commands Clear ip dhcp bindingClear ip dhcp conflict Command clear ip dhcp server statistics Related command show ip dhcp server statisticsClear ip dhcp server statistics Show ip dhcp binding Command show ip dhcp conflict Command show ip dhcp server statisticsShow ip dhcp conflict Show ip dhcp server statistics Debug ip dhcp server Dhcpforward Dhcp Troubleshooting Help Dhcp server configurationEnable Dhcp Web management Address pool configuration Client’s default gateway configuration Client dns server configuration Client wins server configuration Dhcp file server address configuration Dhcp network parameter configuration Manual address pool configuration Excluded address configuration Dhcp relay configuration Dhcp packet statistics Dhcp debugging Delete binding log Delete conflict log Delete Dhcp server statistics logShow IP-Mac binding Show conflict-logging Sntp Configuration Sntp Configuration Commands Command sntp timezone name add subtract timedifferenceSntp server Sntp polltime Typical Sntp Configuration Examples Sntp Troubleshooting Help Monitor and Debug Commands Show sntpSNMP/NTP server configuration Debug sntp Request interval configuration Time differenceShow Snmp QoS Configuration Introduction to QoSQoS Terms QoS Implementation Basic QoS Model Ingress actions Star Finish Start QoS Configuration QoS Configuration Task Sequence Class-mapclass-map-name No class-mapclass-map-nameDscp-list Ip-precedence-list vlan vlan-list No class class-map-name command Aggregate-policer-name commandPolicy-mappolicy-map-name No policy-mappolicy-map-name Weight3 weight4 weight5 weight6 weight7 Weight8Policy-map-name Policy-map-name Policy-map-name output QoS Configuration Commands Mls qos Class-mapMatch Qos map cos-dscp dscp-cos Command policy-map policy-map-name Command class class-map-nameno class class-map-namePolicy-map Class 16.2.2.6 set Police Mls qos aggregate-policer No mls qos aggregate-policer aggregate-policer-name Default No trust Command mode Interface Mode Police aggregateMls qos trust Parameters aggregate-policer-name is the policy set name Service-policy Command mls qos cos default-cos no mls qos cosCommand mode Interface Mode Usage Guide Mls qos cos Command priority-queue out no priority-queue out Mls qos dscp-mutationWrr-queue bandwidth Priority-queue out Default CoS-to-Egress-Queue Map when QoS is Enabled Wrr-queue cos-mapMls qos map Parameters QoS Example SWITCH#CONFIG Scenario QoS domain QoS Troubleshooting Help QoS Debug and Monitor Commands Show mls-qosCommand show mls-qos Parameters N/A Default N/A Command mode Admin Mode Show mls qos interface WFQ Show mls qos maps Command show class-map class-map-name Command show policy-map policy-map-nameShow class-map Show policy-map QoS Troubleshooting Help Enable QoS Class-map configuration 16.5.2.1 Add/Remove class-Map Policy-map priority configuration 16.5.3.1 Add/Remove policy-map Policy-map bandwidth configuration 16.5.3.4 Add/Remove aggregate policy Apply aggregate policy Port trust mode configuration Apply QoS to port Port default CoS configuration Apply policy-map to portApply Dscp mutation mapping Egress-queue configuration Egress-queue WRR weight configuration Egress-queue Work mode configuration Mapping CoS values to egress queue QoS mapping configuration CoS-to-DSCP mapping DSCP-to-CoS mapping Dscp mutation mapping IP-precedence-to-DSCP mapping Dscp mark down mapping L3 Forward Configuration Layer 3 InterfaceIntroduction to Layer 3 Interface Create Layer 3 Interface Layer 3 Interface Configuration Commands Command interface vlan vlan-idno interface vlan vlan-idIP Forwarding Introduction to IP Forwarding IP Route Aggregation Configuration Command Ip fib optimizeShow ip traffic Fragmented, 0 couldnt fragment, 0 fragment sent 17.3 ARP Introduction to ARPDebug ip packet ARP configuration ARP Configuration Task Sequence ARP Forwarding Configuration Commands17.3.2.2.1 Arp Ipaddress Macaddress Command ip proxy-arp no ip proxy-arp Ip proxy-arpShow arp Command debug arp no debug arp Clear arp-cacheDebug arp Example： ARP Troubleshooting Help 17.4.1 L3 port configurationIP route aggregation configuration ARP configuration Configure static ARP Proxy ARP configurationClear ARP Show ARP Routing Protocol Configuration Route Table Static Route Introduction to Static Route Introduction to Default Route Static Route Configuration CommandsIp route Show ip route Configuration Scenario Troubleshooting Help Monitor and Debug Commands 18.3 RIP Introduction to RIP 385 RIP Configuration RIP Configuration Task Sequence Enable RIPConfigure RIP protocol parameters No router rip Value Update Invalid Name-of-chainHolddown RIP Configuration Commands Disable RIPNo ip rip input No ip rip output Default-metric Ip rip authentication key-chainAuto-summary Ip rip authentication mode Related command ip rip authenticationRelated command ip rip authentication key-chain Command ip rip metricin value no ip rip metricin Ip rip metricout Ip rip inputIp rip output Ip rip receive version Ip rip send version Ip rip workIp split-horizon Command rip broadcast no rip broadcast Command rip checkzero no rip checkzeroRedistribute Rip broadcast Timer basic Command timer basic update invalid holddownRip preference Router rip Command version 1 2 no version Command show ip protocolsVersion Show ip protocols Command show ip rip Show ip ripVlan4 V12 Command debug ip rip packet no debug ip rip packet Debug ip rip packet Command debug ip rip recv no debug ip rip recv Command debug ip rip send no debug ip rip sendDebug ip rip recv Debug ip rip send Typical RIP Scenario Vl an2 401 RIP Troubleshooting Help Show ip ripNo debug ip rip packet No debug ip rip recv （2）show ip route Total route items is 2, the matched route items is（3）show ip protocols RIP Troubleshooting OspfIntroduction to Ospf 405 406 Ospf Configuration Configuration Task Sequence Router id routerid Scope the no network network mask areaAuthkey Keyid Metric costvalue Ospf Configuration Commands Routerid Default redistribute cost Default redistribute interval Default redistribute limitDefault redistribute tag Default redistribute type Ip ospf authenticationCommand ip ospf cost cost no ip ospf cost Ip ospf cost Ospf enable area Command ip ospf dead-interval time no ip ospf dead-intervalCommand ip ospf enable area areaid no ip ospf enable area Ip ospf dead-interval Related command ip ospf dead-interval Command ip ospf priority priority no ip ospf priorityIp ospf passive-interface Ip ospf priority Ip ospf transmit-delay Ip ospf retransmit-intervalNetwork No network network mask area areaid Command preference ase preference no preference ase PreferenceRedistribute ospfase No redistribute ospfase bgp connected static rip Command router id routerid no router id Command router ospf no router ospfRouter id Router ospf Command stub cost cost area areaid no stub area areaid Stub costVirtuallink neighborid Show ip ospf Command show ip ospf Command show ip ospf aseShow ip ospf ase Command show ip ospf cumulative Show ip ospf cumulative Show ip ospf database Lsrtr 3 Lsnet 3 Lssumnet Lssumasb Lsase RouteTag Command show ip ospf interface interface Show ip ospf interface Command show ip ospf neighbor Show ip ospf neighbor Command show ip ospf routing Command show ip ospf virtual-linksShow ip ospf routing Show ip ospf virtual-links Switch#show ip ospf virtual-links no virtual-link Debug ip ospf event Debug ip ospf lsaDebug ip ospf packet Command debug ip ospf spf no debug ip ospf spf Typical Ospf ScenarioDebug ip ospf spf 430 431 Typical complex Ospf autonomous system 433 434 435 Ospf Troubleshooting Help Monitor and Debugging Commands （1）show ip ospf Example （3）show ip ospf ase （4）show ip ospf cumulative （5）show ip ospf database Cost Checksum Router ID 11.11.2.1 （6）show ip ospf interface （7）show ip ospf neighbor （8）show ip ospf routing （9）show ip ospf virtual-links（10）show ip protocols Ase perference=150 Static route configuration RIP configurationStatic route RIP configuration Enable RIP Enable port to receive/transmit RIP packetRIP parameter configuration Enable imported route Metricin/out configuration RIP imported route Global RIP configuration Set RIP timer Enable Ospf protocolEnable/Disable Ospf protocol Ospf Router-ID configuration Ospf network range configuration Configure Ospf area for port Ospf TX-parameter configurationConfigure Ospf authentication parameter configuration Passive interface configuration Sending packet cost configuration Ospf imported route parameter configuration Imported route parameter configurationImport external routing information Other parameter configuration Ospf priority configurationOspf Stub area and default route cost configuration Ospf virtual link configuration Port DR priority configurationOspf debug Display routing table Multicast protocol Configuration Multicast Protocol OverviewIntroduction to Multicast Multicast Address IP Multicast Packets Forwarding Common Multicast Configurations Common Multicast Configuration CommandsApplication of Multicast Show ip mroute Incoming interfaces PIM-DM Introduction to PIM-DM PIM-DM Configuration PIM-DM Configuration Task Sequence PIM-DM Configuration CommandsIp pim dense-mode Interval Ip pim query-interval Typical PIM-DM Scenario PIM-DM Troubleshooting Help Command show ip pim mroute dm Show ip pim mroute dm Command show ip pim neighbor ifname Command show ip pim interface ifnameShow ip pim neighbor Show ip pim interface Command debug ip pim Parameters N/A Default Disabled Command mode Admin ModeDebug ip pim PIM-SM Introduction to PIM-SM PIM-SM Configuration PIM-SM Configuration Task Sequence PIM-SM Configuration Commands Ip pim sparse-modeHashlength Priority Command ip pim sparse-mode no ip pim sparse-mode Command ip pim bsr-border no ip pim bsr-borderIp pim bsr-border Ip pim query-interval Ip pim bsr-candidate Ip pim rp-candidate Typical PIM-SM Scenario PIM-SM Troubleshooting Help Monitor and Debug Commands Command show ip pim bsr-routerShow ip pim bsr-router Show ip pim interface Command show ip pim mroute sm Show ip pim mroute smShow ip pim neighbor Command show ip pim rp mapping group-address Show ip pim rpDebug ip pim PIM-SM Troubleshooting Command debug ip pim bsrDebug ip pim bsr Dvmrp Introduction to Dvmrp Dvmrp configuration Configuration Task Sequence Enable Dvmrp C.D Dvmrp Configuration Commands Metricval Ip dvmrp enable Command ip dvmrp enable no ip dvmrp enableIp dvmrp cisco-compatible Ip dvmrp graft-interval Ip dvmrp nbr-timeout Command ip dvmrp metric metricval no ip dvmrp metricIp dvmrp metric Ip dvmrp route-timeout Ip dvmrp probe-intervalIp dvmrp report-interval Typical Dvmrp Scenario Ip dvmrp tunnel Dvmrp Troubleshooting Help Command show ip dvmrp mrouteShow ip dvmrp mroute Command show ip dvmrp neighbor ifname Command show ip dvmrp routeShow ip dvmrp neighbor Show ip dvmrp route Command show ip dvmrp tunnel ifname Show ip dvmrp tunnel Command debug ip dvmrp detail Command debug ip dvmrp pruning no debug ip dvmrp pruningDebug ip dvmrp detail Debug ip dvmrp pruning Dvmrp Troubleshooting IgmpIntroduction to Igmp Igmp configuration Configuration Task Sequence Enable Igmp Ip dvmrp enable ip pim dense-modeInterface the no ip igmp access-group Aclname Igmp Configuration Commands Igmp query intervalNo ip igmp query-interval Timeval Ip igmp access-group Ip igmp static-group commandIp igmp join-group Ip igmp query-timeout Ip igmp query-intervalIp igmp query-max-response-time Command ip igmp version version no ip igmp version Typical Igmp ScenarioIp igmp static-group Ip igmp version Igmp Troubleshooting Help Command show ip igmp groups ifname groupaddrShow ip igmp groups Command show ip igmp interface ifname Command debug ip igmp eventShow ip igmp interface Debug ip igmp event Igmp Troubleshooting Command debug ip igmp packetDebug ip igmp packet Multicast public monitor command PIM-DM configuration Enable PIM-DMPIM-DM parameter configuration PIM-SM configuration Enable PIM-SM PIM-SM parameter configurationSet interface as PIM-SM BSR border Dvmrp configuration Enable Dvmrp Set router as BSR candidateSet router as RP candidate Cisco-compatible configuration Dvmrp parameter configurationDvmrp global parameter configuration Dvmrp tunnel configuration Igmp configuration Igmp additive parameter configuration Igmp version configuration Multicast monitor configuration Show ip pim interface Show ip pim bsr-router Show ip pim mroute smShow ip pim rp Show ip dvmrp mroute 802.1x Configuration Introduction to 20.2 802.1x Configuration 20.2.1 802.1x Configuration Task SequenceEnable 802.1x function of the switch Aaa enable No aaa enableAaa-accounting enable No aaa-accounting enable Seconds Interface interface-name 20.2.2 802.1x Configuration Commands Aaa enable Host IPaddress portHost IPaddress Minutes Aaa-accounting enable Command aaa-accounting enable no aaa-accounting enableCommand mode Global Mode Default N/A 20.2.2.3 dot1x accept-mac 20.2.2.4 dot1x eapor enable 20.2.2.5 dot1x enable20.2.2.6 dot1x privateclient enable Command dot1x eapor enable no dot1x eapor enable 20.2.2.7 dot1x macfilter enable Command dot1x macfilter enable no dot1x macfilter enableCommand dot1x max-req count no dot1x max-req 20.2.2.8 dot1x max-req 20.2.2.12 dot1x re-authenticate Command dot1x re-authenticate interface interface-name20.2.2.10 dot1x port-control 20.2.2.11 dot1x port-method 20.2.2.13 dot1x re-authentication 20.2.2.14 dot1x timeout quiet-period20.2.2.15 dot1x timeout re-authperiod Command dot1x re-authentication no dot1x re-authentication 20.2.2.16 dot1x timeout tx-period Radius-server accounting host Radius-server authentication host Radius-server dead-time Radius-server timeout Radius-server keyRadius-server retransmit 20.3 802.1x Application Example Radi us Ser v er 10 20.4 802.1x Troubleshooting 2o.4.1 802.1x Debug and Monitor Commands Show aaa configCommand show aaa config Show aaa authenticated-user Command show aaa authenticated-user Show aaa authenticating-user Command show aaa authenticating-userCommand show radius authencated-userauthencating-user count Show radius count Command show dot1x interface interface-list Show dot1x Command debug aaa no debug aaa Command mode Admin Mode Parameters N/ADebug aaa 20.4.2 802.1x Troubleshooting Command debug dot1x no debug dot1xDebug dot1x Radius client configuration Radius global configuration Radius authentication configuration Radius accounting configuration 20.5.2 802.1X configuration20.5.2.1 802.1X configuration 20.5.2.2 802.1X port authentication configuration 20.5.2.3 802.1X port mac configuration 20.5.2.4 802.1X port status list 533 Vrrp Configuration Introduction to Vrrp 535 Vrrp Configuration Commands Router vrrp Virtual-ip Commands virtual-ip A.B.C.D master backup no virtual-ip Commands interfaceIFNAME Vlan ID no interfaceCommands enable Interface Disable Vrrp authentication modeVrrp authentication string Commands disable Commands preempt-modetrue false Commands priority value no priorityPreempt Priority Advertisement-interval Circuit-failover Vrrp Troubleshooting Help Typical Vrrp Scenario Monitor and Debug Commands Show vrrp Commands show vrrp vridCommand mode All Modes Example Debug vrrp Vrrp Troubleshooting Help Create Vrrp Number Configure Vrrp Dummy IP Configure Vrrp PortConfigure Preemptive Mode For Vrrp Activate Virtual Router Configure Vrrp priority Configure Vrrp Timer intervalConfigure Vrrp Interface Monitor Configure Authentication Mode For Vrrp Configure Authentication String For Vrrp