Manuals / Asante Technologies / Computer Equipment / Power Supply

Asante Technologies IC36240 user manual Using a Classification ACL

Models: IC36240

1 108

Download 108 pages 14.72 Kb

Page 58

When configuring an access list, you can add multiple statements by adding criteria to the same numbered list. The order of the statements is important, as the switch tests addresses against the criteria in an access list one by one (in the order the statements are entered) until it finds a match. The first match determines whether the system accepts or rejects the address. Because the system stops testing conditions after the first match, the order of the conditions is critical.

To develop an ACL first determine the protocols required within your networks. Although every site has specific requirements, certain protocols and applications are widely used. For example, network segments that provide connectivity for a publicly accessible web server or TCP.

Use the following sources to identify required traffic. The number of instances of applied access lists usually will not exceed 128 due to hardware limitations.

•Review local security policy

•Review firewall configuration

•Review applications

Using a Classification ACL

A classification ACL is composed of permit statements for the various protocols that could be destined to the internal network. (See for a list of commonly used protocols and applications.) Use the show access-listcommand to display a count of access control entry (ACE) hits to identify required protocols. Investigate and understand and suspicious or surprising results before you create explicit permit statements for unexpected protocols.

In addition to direct protection, the ACL should also provide a first line of defense against certain types of invalid traffic on the Internet.

58

Asante IntraCore IC36240

User’s Manual

Image 58

Asante Technologies IC36240 user manual Using a Classification ACL

Contents

IntraCore IC36240 Series Layer 2+ Gigabit Ethernet Switch User’s Manual IntraCore IC36240Table of Contents Password Service Password-Encryption Snmp Configuration Commands Trunk Ieee 802.1q Technical Support and Warranty Features IntroductionPackage Contents Front and Back Panel DescriptionsLEDs LEDManagement and Configuration Console InterfaceInstallation Overview Hardware Installation and SetupSafety Overview Power Requirements Installing into an Equipment RackRecommended Installation Tools Environmental RequirementsSFP Mini Gbic Ports Installing the Optional External Power SupplyEquipment Rack Guidelines Connecting to the Network Connecting Power1 10/100/1000BaseT Ports Cabling Procedures Gigabit Ethernet Ports Cabling Procedures Pin Number Pair Number & Wire ColorsAsante IntraCore IC36240 Initial Software Setup Connecting to a ConsoleConnecting to a PC User Access Verification PasswordPrivileges Commands Passwords and Privileges CommandsEnable Password Password Service Password-EncryptionUsername Command Login SecurityConfiguring an IP Address Password and login CommandsSetting a Default IP Gateway Address Restoring Factory DefaultsSystem Boot Parameters Switchconfig# ip default-gatewayAccess Each Command Mode Understanding the Command Line Interface CLIUser Top User Exec Mode Document ConventionsPrivileged Top Privileged Exec Mode Command Show ? PurposeGlobal Configuration Mode Command Exit End Ctrl-Z Purpose Switch# configureInterface Configuration Mode Spanning-Tree Configuration ModeVlan Configuration Mode Advanced Features Supported within the Command ModeSpanning-tree mst configuration Command Help Purpose Example of Context Sensitive HelpChecking Command Syntax Switch# configure ?Using Command-Line Editing Features and Shortcuts Using CLI Command HistoryUsing the No and Default Forms of Commands Keystrokes/Command PurposeCompleting a Partial Command Name Moving Around on the Command LineKeystrokes Purpose Editing Command Lines That Wrap Deleting Entries Redisplaying the Current Command LineScrolling Down a Line or a Screen Controlling Capitalization Transposing Mistyped CharactersKeystrokes Switch# clock ? Managing the System and Configuration FilesSetting the System Clock Switch# clock set 092930 28 January Switch# reload crSpecifying the Hostname Changing the PasswordTesting Connections with Ping Tests Enabling the System LogConfiguring from the Terminal Managing Configuration FilesDisplaying the Operating Configuration Switch# show running-configCopying Configuration Files to a Network Server Newname# copy running-config startup-configSwitch# copy startup-config ? Switch# copy running-config Tftp Switch# copy running-configSwitch# copy running-config tftp//192.168.0.1/my-config Access Control Configuring SnmpAuthentication Switch# copy tftp//192.168.123.59/my-confg running-configSecurity Levels Create or Modify Access Control for Snmp CommunitySupport Command Purpose Snmp-server community string view Establish the Contact and Location of the Snmp AgentConfiguring Spanning Tree Snmp Configuration CommandsSpanning Tree Parameters Spanning-tree mst?Port Priority Spanning Tree Port ConfigurationRapid Spanning Tree Protocol Rstp Port Path CostRapid Convergence Configuring Switch/Bridge PrioritySwitchconfig# spanning-tree priority priority Enabling Rapid Spanning TreeConfiguring Port Path Cost Configuring Link TypeConfiguring an Edge Port Configuring Port PriorityMultiple Spanning-Tree MST Configuring Vlan VlanMAC Address Table Switchconfig# mac-address-table aging-timeShow mac-address-table Assign IP Addresses to Switch Configuring IPClass Address or Range Status Establish Address Resolution Define a Static ARP CacheIgmp Overview Configuring IgmpManaging IP Multicast Traffic Forwarding Unknown Multicast PacketsCommand Purpose Ip igmp query-max-response-time Using Access ListsSwitchconfig-if-veth1#ip igmp query-interval Host-query messagesUsing a Classification ACL Asante IntraCore IC36240 Create a Standard Access List Create an Expanded Access List Create a MAC Access ListSwitchconfig# mac access-list standard Access-list 101 deny tcp ? Access-list 101 ?Access-list 101 deny ? Access-list 101 deny tcp 192.168.123.0 0.0.0.255 ?Access-list ? Creating an Access List with a NameApplying an Access List to an Interface Access-list standard ?Configuring Common Access Lists Switchconfig# access-list 110 permit udp any any eqAccess-list 101 deny ip any any Vlan Configuration Creating or Modifying a VlanSwitchconfig-vlan#port-member delete eth Switch# show vlanDeleting a Vlan Vlan Port Membership Modes Static AccessTrunk Ieee 802.1q Command Purpose Switchconfig# vlan dot1q tag native Switchconfig# endMonitoring Weighted Fair Queuing Lists Quality of Service ConfigurationConfiguring Weighted Fair Queuing Priority QueuingDefining the Priority List Configuring Traffic Shaping for an InterfaceTraffic Shaping Monitoring Priority Queuing ListsMonitoring the Traffic Shaping Configuration Configuring Rate LimitConfiguring Traffic Shaping for an Access List Generic Traffic Shaping ExampleAsante IntraCore IC36240 Configuring the Switch Using the GUI Main Configuration MenuInformation Screens Front Panel Information ScreenAssign IP Addresses to Switch General Information ScreenClass Address or Range Status Port Configuration Menu Individual Port Configuration ScreenAsante IntraCore IC36240 Press go Spanning Tree Protocol Configuration STP Port Configuration Global STP Bridge Configuration Snmp Configuration Asante IntraCore IC36240 Address Table Screen Asante IntraCore IC36240 Asante IntraCore IC36240 Vlan Configuration Asante IntraCore IC36240 Click Apply Igmp Configuration Asante IntraCore IC36240 Asante IntraCore IC36240 Web CLI Screen System Clock Menu Save Appendix a Basic Troubleshooting Problem Possible SolutionsEnvironmental Range Appendix B SpecificationsPhysical Characteristics PerformanceTechnical Support and Warranty Standards ComplianceAppendix C FCC Compliance and Warranty Statements FCC Compliance Statement Important Safety InstructionsIntraCare Warranty Statement Appendix D Online Warranty Registration Access List IndexIgmp LED Safety Priority Queuing Vlan