Manuals / Asante Technologies / Computer Equipment / Switch

Asante Technologies 3624/48 Applying an Access List to an Interface, Enabling an Access List

Models: 3624/48

1 145

Download 145 pages 53.25 Kb

Page 52

6.3.3 Applying an Access List to an Interface

6.3.3 Applying an Access List to an Interface

After creating your access lists, you can choose interfaces for which the access lists will be applied. If no interfaces are explicitly selected, the access list is applied to all interfaces.

To select the interface for an access list, use the following command:

Command	Purpose

access-list name acl1 set portlist ……	Select interfaces that the access list ‘acl1’ will be applied

In the next example, we will create an extended access list that will allow only SMTP bound traffic (port 25) to be forwarded on port 7, and deny all other traffic.

Switch(Config)# access-list name acl_tcp_dst_smtp add priority 1

Switch(Config)# access-list name acl_tcp_dst_smtp set ip-mode l4port dst-port from 25 to 25

Switch(Config)# access-list name acl_tcp_dst_smtp set portlist 7

Switch(Config)# access-list name acl_tcp_dst_smtp action permit

Switch(Config)# access-list name acl_deny_all add priority 2

Switch(Config)# access-list name acl_deny_all set ip-mode l4port dst-port from 25 to 25

Switch(Config)# access-list name acl_deny_all set mac-mode macsa 00-00-94-12-34-56 00- 00-00-00-00

Switch(Config)# access-list name acl_deny_all action deny

6.3.4 Enabling an Access List

To enable a configured access list, use the command below. All the examples above require execution of the ‘enable’ command to make the access lists effective.

Command	Purpose

access-list name acl_name enable	Enable an access list named ‘acl_name’ .

52

Asante IntraCore IC3624/48

User’s Manual

Image 52

Asante Technologies 3624/48 user manual Applying an Access List to an Interface, Enabling an Access List

Contents

24/48 Port 10/100 + 2/4 Gigabit Ethernet Switch User’s ManualIntraCore 3624/48 24/48 Port 10/100 + 2/4 Gigabit Ethernet Switch User’s Manual IntraCore 3624/48Table of Contents Managing the System 5.5.1 Spanning Tree Parameters 9.1 Main Configuration Menu 9.2.3 System Time SettingChapter 10 CLI Commands Appendix A Basic Troubleshooting1.1 Features Chapter 1 Introduction1.2 System Defaults DefaultFunction Parameter1000BASE-T 1000BASE-SX/LX/LHIP Settings 1.3 Package Contents 1.4 Front and Back Panel Descriptions3624 Front Panel 3624 Rear Panel3648 Front Panel 3648 Rear PanelEthernet ports Mini GBIC ports1.4.1 LEDs 1.5 Management and Configuration1.5.1 Console Interface 2.1 Installation Overview Chapter 2 Hardware Installation and Setup2.1.1 Safety Overview 2.2 Installing into an Equipment Rack 2.1.2 Recommended Installation Tools2.1.3 Power Requirements 2.1.4 Environmental Requirements2.3 SFP Mini GBIC Ports 2.2.1 Equipment Rack Guidelines2.5 Connecting to the Network 2.4 Connecting Power2.5.1 10/100/1000BaseT Ports Cabling Procedures Pair Number & Wire Colors 2.5.2 Gigabit Ethernet Ports Cabling ProceduresPin Number 1000BaseLZ GBIC Cables with SC-type fiber connectors 10µ single-mode fiber media up to 120 km 393,701 Chapter 3 Initial Software Setup 3.1 Connecting to a Consolee. Press the Configuration button from the Connect To window e 3.2 Connecting to a PC 3.3 Username and Password3.4 Configuring an IP Address Switch# configuration3.5 Restoring Factory Defaults Switch# clear config Switch# saveChapter 4 Understanding the Command Line Interface CLI Privileged Top Mode Switch#Interface Configuration Mode Switchinterface ## 4.1 User Top User EXEC Mode4.2 Privileged Top Privileged EXEC Mode show ?Command ? PurposeCOMMAND enable Username admin Password Switch# CommandCOMMAND enable Enters the privileged EXEC mode4.3 Global Configuration Mode 4.3.1 Interface Configuration Mode 4.4 Advanced Features Supported within the Command Mode Switch# configuration ? cr 4.5 Using CLI Command History 4.6 Using Command-Line Editing Features and Shortcuts 4.6.1 Moving Around on the Command Line4.6.2 Completing a Partial Command Name 4.6.3 Deleting Entries5.1.1 Setting the System Clock Chapter 5 Managing the System and Configuration Files5.1 Managing the System 5.1.3 Enable the System Log 5.1.4 Displaying the Operating Configuration5.1.2 Specify the Hostname 5.1.5 Test Connections with Ping Tests5.2 Managing Configuration Files 5.2.1 Configuring from the Terminal5.2.2 Copying Configuration Files to a Network Server Switch# show running-config5.2.3 Copying Configuration Files from a Network Server to the Switch 5.4 Configuring SNMP 5.3 Managing system image Files5.3.1 Saving System image to a Network Server 5.3.2 Replacing System image from a Network Server5.4.1 Configuring SNMP Support 5.5 Spanning Tree Algorithm 5.5.1 Spanning Tree Parameters5.5.2 Rapid Spanning Tree Protocol RSTP PriorityPort Priority Port Path Cost5.5.3 Configuring spanning-tree Use the following interface mode command to configure port link-type Command Asante IntraCore IC3624/48 User’s ManualChapter 6 Configuring IP ClassAddress or Range Status6.1 Establish Address Resolution 6.2 Managing IP Multicast Traffic 6.2.2 Configuring IGMP6.2.1 IGMP Overview Command Configure the frequency at which the designated switch sendsSwitchconfig# set igmp query-interval Purpose6.3.1 Creating an Access List 6.3 Access Lists6.3.2 Configuring an Access List SwitchConfig# access-list name aclmac add priority 6.3.3 Applying an Access List to an Interface 6.3.4 Enabling an Access ListChapter 7 VLAN Configuration 7.1 Creating or Modifying a VLAN7.2 VLAN Port Membership 7.2.1 configuring vlan portsvlan port all ports…… 7.2.2 Trunk IEEE 802.1q CommandPurpose interface IFNUMBERAsante IntraCore IC3624/48 User’s Manual8.1.1 Configuring Weighted Round Robin Chapter 8 Quality of Service Configuration8.1 Scheduling algorithm 8.2 Priority Queuing 8.1.2 Monitoring Weighted Round Robin8.2.1 Priority Mapping 8.2.3 802.1P Based QOS 8.2.2 Port Based QOS8.2.4 IP Based QOS 8.3 Traffic Shaping 8.3.1 Configuring Traffic Shaping for an Interface8.4 Rate Limiting The defaults are IP Address Username admin Password Asante capital A Chapter 9 Configuring the Switch Using the GUIEnter the username and password then click the “OK” button 9.1 Main Configuration Menu Security QoS SNMP LLDP Admin Statistics Help LogoutThe following example shows the main Configuration Menu System Port Management VLAN Management Spanning Tree Multicast9.2 System 9.2.1 System System InformationSave the settings when done by clicking the “Save Settings” button Asante IntraCore IC3624/489.2.2 System Network management Address or Range ClassStatus Asante IntraCore IC3624/48 9.2.3 System Time SettingUser’s Manual Asante IntraCore IC3624/48 9.2.4 System - Green EthernetUser’s Manual 9.3 Port Management - Port Config The Port Management section displays assorted settings for each portWhen a port number is clicked the subscreen appears Asante IntraCore IC3624/48Asante IntraCore IC3624/48 User’s Manual9.4 VLAN Management Asante IntraCore IC3624/48Asante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s ManualVLAN MANAGEMENT - VLAN PORT. This screen allows additional settings to be controlled on a per port basis. Here the PVID can be changed to. Changing the PVID in required to force the port to respond to a particular VLAN. Becoming a member of a VLAN is only the start. The port PVID must be changed to cause it to respond only to the desired VLAN 9.5 Spanning Tree Path cost = 1000/LAN speed in Mbps MSTP. Multiple Spanning Tree Protocol can be enabled on this page Individual Port properties can be manipulated at this screenAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 MST Instance parameters can be modified on the following two screensUser’s Manual Asante IntraCore IC3624/48 9.6 MulticastUser’s Manual Asante IntraCore IC3624/48 User’s Manual9.7 Security - Port Security Access control lists can be established using this screenAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 802.1X can be enabled on a per port basisUser’s Manual Asante IntraCore IC3624/48 TACAS+ and Storm Control are available on the next screensUser’s Manual Management IP list can be used to enter a list of IP addresses to limit the availability of switch Management Asante IntraCore IC3624/48 9.8 QoSUser’s Manual Asante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s Manual9.9 SNMP Asante IntraCore IC3624/48 SNMP ContinuedUser’s Manual Asante IntraCore IC3624/48 9.10 LLDPUser’s Manual Asante IntraCore IC3624/48 User’s Manual9.11 Admin - Admin Password Asante IntraCore IC3624/48 Static addresses can be added using this screenUser’s Manual Port Mirroring - To set up a mirror, identify the port to be mirrored by checking the ingress mirror, or egress mirror for the port. Next select the port to mirror the information to Asante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 Cable diagnostic a cable test that can be run for each portUser’s Manual Asante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 9.12 StatisticsUser’s Manual Asante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s Manual9.13 Help General help is available for many screensAsante IntraCore IC3624/48 User’s Manual9.14 Logout Use this screen to logout and close the sessionAsante IntraCore IC3624/48 User’s ManualAsante IntraCore IC3624/48 User’s ManualChapter 10 CLI Commands 10.2 User Mode commandsCommand Prompt COMMAND Privileged Mode Command Prompt Switch# Global Config Mode10.3 Privileged Mode commands 10.2.6 enableFormat enable 10.3.2.2 clear config10.3.2.10 configuration 10.3.4.1 copy nvramconfig10.3.2.5 clear static-mcast 10.3.2.6 clear pass2 show qos queue-settings show qos advanced mode1 show dot1x config 10.3.8 ping2 show dot1x radius 3 show dot1x statistics10.3.11.3 show igmp snooping 1 show igmp snooping dynamicrouterport10.3.11.13 show running-config 4 show lldp msap-entry10.3.11.7 show logging 2 show logging flash-log10.3.11.14 show snmp 1 show snmp groups2show snmp users 3 show snmp communities10.3.11.19 show switch 1 show switch admin-time2 show switch age-time 3 show switch mac-table10.4 Global Config mode commands Show rmon event log6 Show rmon history 7Show rmon statisticsvlan port all port-configure vlan port ports port-configure10.4.2.4 vlan port 1 vlan port all10.4.5.2 link aggregation delport This command remove ports from LAG 10.4.6 LLDP 10.4.6.1 lldp enable10.4.6.2 lldp disable 10.4.6.7 lldp reinit-delay10.4.10 mgmt-accesslist commands 10.4.10.1 mgmt-accesslist ipaddr 10.4.10.2 mgmt-accesslist enable10.4.7 Log 10.4.7.1 Log log-server10.4.10.3 mgmt-accesslist disable 10.4.11 monitor commands 10.4.11.1 monitor enable10.4.11.2 monitor disable 10.4.12 dot1x commands 10.4.12.1 dot1x enable10.4.13.4 network dhcp-relay Configure switch dhcp relay functions 1 network dhcp-relay mode10.4.13.6 network admin-timeout 10.4.14 port-all commands 10.4.14.1 port-all admin-mode10.4.14.4 port-all portsec-lockmode Configure port security 10.4.14.3 port-all flow-control2 port-all portsec-lockmode static 3 port-all portsec-lockmode dynamic10.4.15 qos commands 10.4.15.1 qos qos-advanced Configure qos advanced mode4 port-all storm-control broadcast-unknown 5 port-all storm-control all-cast10.4.16 set commands 10.4.16.1 set IGMP 1 set igmp enable2 set igmp disable 3 set igmp last-memberquery10.4.17 snmp commands 10.4.17.1 snmp notify snmp trapstation add ip-addr community community name type bootup10.4.17.2 snmp group 1 snmp group add10.4.18 sntp commands 10.4.18.1 sntp daylight 10.4.18.2 sntp localtime Configure the local time1 sntp localtime enable 2 sntp localtime localtimedate This command sets local time10.4.110.2 spanning-tree configuration 1 spanning-tree configuration name3 spanning-tree forceversion none 10.4.110.3 spanning-tree forward-time10.4.20 User commands 10.4.21 Interface commands10.4.22.2 rmon alarm 10.4.110.8 spanning-tree mst2 rmon del alarm 10.4.23 access list commands2 access-list name WORD action permit 1 access-list name WORD clears SRC IP5 access-list name WORD clear mac SA 7access-list name WORD clear VID10.4.23.6 access-list name WORD set 3 access-list name WORD set L4portaccess-list name WORD set l4port DST-port 5 access-list name WORD set mac-mode10.4.24 arp Commands 1 arp dynamic enables and disables10.5 Interface Config mode commands 10.4.25 dos Commands10.5.1 exit command 10.5.2 dot1x command Set 802.1x port control10.5.6 lldp command 10.5.6.3 Configure med notifications10.5.6.4 Configures which TLVs are enabled for transmission 10.5.6.1 lldp state set lldp status10.5.7 admin-mode 10.5.10 flow-control command flow-control enable10.5.11 port-security command 10.5.12 qos command10.5.14.5 storm-control all-cast This command storm control limited 10.5.15 rmon-counter command10.5.17 spanning-tree command 10.5.17.1 spanning-tree cost 10.5.14.4 storm-control broadcast-unknown1vlan participation exclude This command leave a vlan 10.5.17.6 spanning-tree participation10.5.17.7 spanning-tree priority 2 vlan participationProblem Appendix A Basic TroubleshootingPossible Solutions Appendix B Specifications Status IndicatorsPerformance Specifications Management SpecificationsL2+ Management Specifications Environmental SpecificationsPackage Content WarrantyC.2 Important Safety Instructions Appendix C FCC Compliance and Warranty StatementsC.1 FCC Compliance Statement C.3 IntraCore Warranty Statement Index ConnectingDefault Commandhost-query configuration bandwidthmonitoring 57, 58, 59