Enabling an Access List | Asante Technologies 3624/48 specification

6.3.3 Applying an Access List to an Interface

6.3.3 Applying an Access List to an Interface

After creating your access lists, you can choose interfaces for which the access lists will be applied. If no interfaces are explicitly selected, the access list is applied to all interfaces.

To select the interface for an access list, use the following command:

Command	Purpose

access-list name acl1 set portlist ……	Select interfaces that the access list ‘acl1’ will be applied

In the next example, we will create an extended access list that will allow only SMTP bound traffic (port 25) to be forwarded on port 7, and deny all other traffic.

Switch(Config)# access-list name acl_tcp_dst_smtp add priority 1

Switch(Config)# access-list name acl_tcp_dst_smtp set ip-mode l4port dst-port from 25 to 25

Switch(Config)# access-list name acl_tcp_dst_smtp set portlist 7

Switch(Config)# access-list name acl_tcp_dst_smtp action permit

Switch(Config)# access-list name acl_deny_all add priority 2

Switch(Config)# access-list name acl_deny_all set ip-mode l4port dst-port from 25 to 25

Switch(Config)# access-list name acl_deny_all set mac-mode macsa 00-00-94-12-34-56 00- 00-00-00-00

Switch(Config)# access-list name acl_deny_all action deny

6.3.4 Enabling an Access List

To enable a configured access list, use the command below. All the examples above require execution of the ‘enable’ command to make the access lists effective.

Command	Purpose

access-list name acl_name enable	Enable an access list named ‘acl_name’ .

52

Asante IntraCore IC3624/48

User’s Manual

Image 52

Asante Technologies 3624/48 user manual Applying an Access List to an Interface, Enabling an Access List

Contents

24/48 Port 10/100 + 2/4 Gigabit Ethernet Switch User’s ManualIntraCore 3624/48 24/48 Port 10/100 + 2/4 Gigabit Ethernet Switch User’s Manual IntraCore 3624/48 Table of Contents Managing the System 5.5.1 Spanning Tree Parameters 9.1 Main Configuration Menu 9.2.3 System Time SettingChapter 10 CLI Commands Appendix A Basic Troubleshooting 1.1 Features Chapter 1 Introduction 1.2 System Defaults DefaultFunction Parameter 1000BASE-T 1000BASE-SX/LX/LH IP Settings 1.3 Package Contents 1.4 Front and Back Panel Descriptions3624 Front Panel 3624 Rear Panel 3648 Front Panel 3648 Rear Panel 1.4.1 LEDs 1.5 Management and Configuration1.5.1 Console Interface 2.1 Installation Overview Chapter 2 Hardware Installation and Setup2.1.1 Safety Overview 2.2 Installing into an Equipment Rack 2.1.2 Recommended Installation Tools2.1.3 Power Requirements 2.1.4 Environmental Requirements 2.3 SFP Mini GBIC Ports 2.2.1 Equipment Rack Guidelines 2.5 Connecting to the Network 2.4 Connecting Power2.5.1 10/100/1000BaseT Ports Cabling Procedures Pair Number & Wire Colors 2.5.2 Gigabit Ethernet Ports Cabling ProceduresPin Number 1000BaseLZ GBIC Cables with SC-type fiber connectors 10µ single-mode fiber media up to 120 km 393,701 Chapter 3 Initial Software Setup 3.1 Connecting to a Console e. Press the Configuration button from the Connect To window e 3.2 Connecting to a PC 3.3 Username and Password3.4 Configuring an IP Address Switch# configuration 3.5 Restoring Factory Defaults Switch# clear config Switch# save Chapter 4 Understanding the Command Line Interface CLI Privileged Top Mode Switch#Interface Configuration Mode Switchinterface ## 4.1 User Top User EXEC Mode show ? 4.2 Privileged Top Privileged EXEC ModeCommand ? Purpose COMMAND enable Username admin Password Switch# CommandCOMMAND enable Switch# ? 4.3 Global Configuration Mode 4.3.1 Interface Configuration Mode 4.4 Advanced Features Supported within the Command Mode Switch# configuration ? cr 4.5 Using CLI Command History 4.6 Using Command-Line Editing Features and Shortcuts 4.6.1 Moving Around on the Command Line 4.6.2 Completing a Partial Command Name 4.6.3 Deleting Entries 5.1.1 Setting the System Clock Chapter 5 Managing the System and Configuration Files5.1 Managing the System 5.1.3 Enable the System Log 5.1.4 Displaying the Operating Configuration5.1.2 Specify the Hostname 5.1.5 Test Connections with Ping Tests 5.2 Managing Configuration Files 5.2.1 Configuring from the Terminal5.2.2 Copying Configuration Files to a Network Server Switch# show running-config 5.2.3 Copying Configuration Files from a Network Server to the Switch 5.4 Configuring SNMP 5.3 Managing system image Files5.3.1 Saving System image to a Network Server 5.3.2 Replacing System image from a Network Server 5.4.1 Configuring SNMP Support 5.5 Spanning Tree Algorithm 5.5.1 Spanning Tree Parameters 5.5.2 Rapid Spanning Tree Protocol RSTP PriorityPort Priority Port Path Cost 5.5.3 Configuring spanning-tree Use the following interface mode command to configure port link-type Command Asante IntraCore IC3624/48 Chapter 6 Configuring IP ClassAddress or Range Status 6.1 Establish Address Resolution 6.2 Managing IP Multicast Traffic 6.2.2 Configuring IGMP6.2.1 IGMP Overview Command Configure the frequency at which the designated switch sendsSwitchconfig# set igmp query-interval Purpose 6.3.1 Creating an Access List 6.3 Access Lists6.3.2 Configuring an Access List SwitchConfig# access-list name aclmac add priority 6.3.3 Applying an Access List to an Interface 6.3.4 Enabling an Access List Chapter 7 VLAN Configuration 7.1 Creating or Modifying a VLAN 7.2 VLAN Port Membership 7.2.1 configuring vlan portsvlan port all ports…… interface IFNUMBER 7.2.2 Trunk IEEE 802.1qVlan participation Asante IntraCore IC3624/48 8.1.1 Configuring Weighted Round Robin Chapter 8 Quality of Service Configuration8.1 Scheduling algorithm 8.2 Priority Queuing 8.1.2 Monitoring Weighted Round Robin8.2.1 Priority Mapping 8.2.3 802.1P Based QOS 8.2.2 Port Based QOS8.2.4 IP Based QOS 8.3 Traffic Shaping 8.3.1 Configuring Traffic Shaping for an Interface8.4 Rate Limiting The defaults are IP Address Username admin Password Asante capital A Chapter 9 Configuring the Switch Using the GUIEnter the username and password then click the “OK” button 9.1 Main Configuration Menu Security QoS SNMP LLDP Admin Statistics Help LogoutThe following example shows the main Configuration Menu System Port Management VLAN Management Spanning Tree Multicast 9.2.1 System System Information 9.2 SystemSave the settings when done by clicking the “Save Settings” button 9.2.2 System Network management Address or Range 9.2.3 System Time Setting 9.2.4 System - Green Ethernet The Port Management section displays assorted settings for each port 9.3 Port Management - Port ConfigWhen a port number is clicked the subscreen appears Asante IntraCore IC3624/48 9.4 VLAN Management Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 VLAN MANAGEMENT - VLAN PORT. This screen allows additional settings to be controlled on a per port basis. Here the PVID can be changed to. Changing the PVID in required to force the port to respond to a particular VLAN. Becoming a member of a VLAN is only the start. The port PVID must be changed to cause it to respond only to the desired VLAN 9.5 Spanning Tree Path cost = 1000/LAN speed in Mbps MSTP. Multiple Spanning Tree Protocol can be enabled on this page Individual Port properties can be manipulated at this screen MST Instance parameters can be modified on the following two screens 9.6 Multicast Asante IntraCore IC3624/48 9.7 Security - Port Security Access control lists can be established using this screen 802.1X can be enabled on a per port basis TACAS+ and Storm Control are available on the next screens Management IP list can be used to enter a list of IP addresses to limit the availability of switch Management 9.8 QoS Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 9.9 SNMP SNMP Continued 9.10 LLDP Asante IntraCore IC3624/48 9.11 Admin - Admin Password Static addresses can be added using this screen Port Mirroring - To set up a mirror, identify the port to be mirrored by checking the ingress mirror, or egress mirror for the port. Next select the port to mirror the information to Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 Cable diagnostic a cable test that can be run for each port Asante IntraCore IC3624/48 9.12 Statistics Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 User’s Manual Asante IntraCore IC3624/48 9.13 Help General help is available for many screens 9.14 Logout Use this screen to logout and close the session Asante IntraCore IC3624/48 Chapter 10 CLI Commands 10.2 User Mode commandsCommand Prompt COMMAND Privileged Mode Command Prompt Switch# Global Config Mode 10.3 Privileged Mode commands 10.2.6 enableFormat enable 10.3.2.2 clear config 10.3.2.10 configuration 10.3.4.1 copy nvramconfig10.3.2.5 clear static-mcast 10.3.2.6 clear pass 2 show qos queue-settings 1 show dot1x config10.3.8 ping 10.3.9 reload 2 show dot1x radius 3 show dot1x statistics10.3.11.3 show igmp snooping 1 show igmp snooping dynamicrouterport 10.3.11.13 show running-config 4 show lldp msap-entry10.3.11.7 show logging 2 show logging flash-log 10.3.11.14 show snmp 1 show snmp groups2show snmp users 3 show snmp communities 10.3.11.19 show switch 1 show switch admin-time2 show switch age-time 3 show switch mac-table 10.4 Global Config mode commands Show rmon event log6 Show rmon history 7Show rmon statistics vlan port all port-configure vlan port ports port-configure10.4.2.4 vlan port 1 vlan port all 10.4.5.2 link aggregation delport This command remove ports from LAG 10.4.6 LLDP 10.4.6.1 lldp enable10.4.6.2 lldp disable 10.4.5 link-aggregation 10.4.10 mgmt-accesslist commands 10.4.10.1 mgmt-accesslist ipaddr 10.4.10.2 mgmt-accesslist enable10.4.7 Log 10.4.7.1 Log log-server 10.4.10.3 mgmt-accesslist disable 10.4.11 monitor commands 10.4.11.1 monitor enable10.4.11.2 monitor disable 10.4.12 dot1x commands 10.4.12.1 dot1x enable 10.4.13.4 network dhcp-relay Configure switch dhcp relay functions 10.4.13.6 network admin-timeout10.4.14 port-all commands 10.4.14.1 port-all admin-mode 10.4.13.2 network parms 10.4.14.4 port-all portsec-lockmode Configure port security 10.4.14.3 port-all flow-control2 port-all portsec-lockmode static 3 port-all portsec-lockmode dynamic 10.4.15 qos commands 10.4.15.1 qos qos-advanced Configure qos advanced mode4 port-all storm-control broadcast-unknown 5 port-all storm-control all-cast 10.4.16 set commands 10.4.16.1 set IGMP 1 set igmp enable2 set igmp disable 3 set igmp last-memberquery 10.4.17 snmp commands 10.4.17.1 snmp notify snmp trapstation add ip-addr community community name type bootup10.4.17.2 snmp group 1 snmp group add 10.4.18 sntp commands 10.4.18.1 sntp daylight 10.4.18.2 sntp localtime Configure the local time1 sntp localtime enable 2 sntp localtime localtimedate This command sets local time 10.4.110.2 spanning-tree configuration 1 spanning-tree configuration name3 spanning-tree forceversion none 10.4.110.3 spanning-tree forward-time 10.4.20 User commands 10.4.21 Interface commands10.4.22.2 rmon alarm 10.4.110.8 spanning-tree mst 2 rmon del alarm 10.4.23 access list commands2 access-list name WORD action permit 1 access-list name WORD clears SRC IP 5 access-list name WORD clear mac SA 7access-list name WORD clear VID10.4.23.6 access-list name WORD set 3 access-list name WORD set L4port access-list name WORD set l4port DST-port 5 access-list name WORD set mac-mode10.4.24 arp Commands 1 arp dynamic enables and disables 10.5 Interface Config mode commands 10.4.25 dos Commands10.5.1 exit command 10.5.2 dot1x command Set 802.1x port control 10.5.6 lldp command 10.5.6.3 Configure med notifications10.5.6.4 Configures which TLVs are enabled for transmission 10.5.6.1 lldp state set lldp status 10.5.7 admin-mode 10.5.10 flow-control command flow-control enable10.5.11 port-security command 10.5.12 qos command 10.5.14.5 storm-control all-cast This command storm control limited 10.5.15 rmon-counter command10.5.17 spanning-tree command 10.5.17.1 spanning-tree cost 10.5.14.4 storm-control broadcast-unknown 1vlan participation exclude This command leave a vlan 10.5.17.6 spanning-tree participation10.5.17.7 spanning-tree priority 2 vlan participation Problem Appendix A Basic TroubleshootingPossible Solutions Appendix B Specifications Status IndicatorsPerformance Specifications Management Specifications L2+ Management Specifications Environmental SpecificationsPackage Content Warranty C.2 Important Safety Instructions Appendix C FCC Compliance and Warranty StatementsC.1 FCC Compliance Statement C.3 IntraCore Warranty Statement Index ConnectingDefault Command host-query configuration bandwidthmonitoring 57, 58, 59