Ip access-list Command | Avaya P332G-ML specs

Chapter 6	CLI – Layer 3

ip access-list Command

Use the ip access-listcommand to create a specific policy rule. This command defines a policy rule. The access list contains several of these rules. Each rule pertains to the source IP address, the destination IP address, the protocol, the protocol ports (if relevant), and to the ACK bit (if relevant).

The syntax for this command is:

[no] ip access-list<access-list-number> <access-list-index>

	<command> <protocol> {<source-ip>
	<source-wildcard> any host
	<source-ip>}[<operator> <port> [<port]]
	{<destination-ip> <destination-
	wildcard>any host
	<destination-ip>}[<operator> <port>
	[<port>]][established] [precedence]
<access-list-number>	integer (100..149)
<access-list-index>	integer (1...9999)
<command>	permit deny deny-and-notify fwd0-7
<protocol>	ip tcp udp integer (1..255)
<source-ip>	ip network
<source-wildcard>	ip network wildcard
<operator>	eq lt gt range
<port>	integer (1..65535)
<destination-ip>	ip network
<destination-wildcard>	ip network wildcard
<precedence>	mandatory optional]

Example:

Router-N>ip access-list 101 23 deny ip any 1.2.0.0 0.0.255.255

To delete a specific rule, use the no form of this command.

P332G-ML User’s Guide

185

Image 203

Avaya P332G-ML manual Ip access-list Command, Example Router-Nip access-list 101 23 deny ip any 1.2.0.0

Contents

May Avaya P332G-MLPage Contents Ieee P332G-ML User’s Guide Iii Contents Contents Contents P332G-ML User’s Guide Vii Viii P332G-ML User’s Guide Contents Contents 201 Emissions 200 Immunity Interfaces Standards Compliance Xii P332G-ML User’s Guide List of Figures List of Figures Xiv P332G-ML User’s Guide List of Tables List of Tables Xvi P332G-ML User’s Guide Avaya P332G-ML Highlights Overview Management & Monitoring Layer Layer 2 Features Radius Security Stack RedundancySpanning Tree Hot-Swappable IP Multicast Filtering Port ClassificationNetwork Time Acquiring Protocols Link Aggregation Group LAG Software Download Backup Power SupplyCongestion Control Fans Redundancy Layer 3 FeaturesModes of Operation Forwarding Simple Router Redundancy Protocol Srrp Policy Quality of Service QoS DHCP/BOOTP Relay Policy Access Control RIP Route Redistribution Static Routes Route Preferences Netbios Rebroadcast Multinetting Multiple Subnets per Vlan Router Configuration File File from one router to suit another Ietf Layer Avaya P332G-ML Standards SupportedP332G-ML complies with the following standards P332G-ML Device Manager Embedded Web P332G-ML Command Line Interface CLIAvaya Multi-Service Network Manager Avaya P332G-ML Network Management Avaya P332G-ML Network Monitoring Smon Avaya P332G-ML Front Panel Avaya P332G-ML Front and Rear Panels PWR LAG Bups Input Bups Input ConnectorAvaya P332G-ML Back Panel Application Applications P330 stacks with a P330 backbone Installing the X330STK-ML Stacking Sub-Module Installation and Setup Positioning P332G-ML Rack Mounting Rack Mounting To connect stacked switches Connecting Stacked Switches Incorrect Stack Connection P330 Stack Connections Powering On P332G-ML Module DC Powering On P332G-ML Module AC P332G-ML Default Settings Configuring the Switch Chapter Installation and Setup Connecting the Cables Set interface ppp ipaddrnet-mask Connecting the Console CableConfiguring the Terminal Serial Port Parameters Connecting a Modem to the Console Port CLI responds with the following Set interface ppp enable Assigning P330’s IP Stack Address Press Enter Routerconfigure# interface interface-nameRouterconfigure-ifinterface-name# prompt appears Assigning P332G-ML Initial Router Parameters Routerconfigure# Obtaining a Routing License Key Obtaining and Activating a License Key Installation and Setup Activating a Routing License Key Set license module license featureName whereFeatureName routing User Level Commands P330-N# session 2 router Session CommandSession modnum switchrouteratm Terminal Commands Ping hostnumber Clear screen CommandPing Command Show Commands Summary Table Chapter CLI Layer Show time parameters Command Show time CommandSyntax for this command is Show time Show timezone Command Show ip route Show ip route CommandShow image version Command Show time parameters Show snmp Show download status CommandShow snmp Command 24x10/100Base-T With Optional Expansion Slot Show snmp retries Show snmp timeoutShow timeout Show device-mode Show device-mode CommandShow port Command Show interface Show port trap modnum/portnum Show port trap CommandP330-N show port trap 1/1 Port 1/1 up/down trap is disabled Show port channel Command Module/port Module number/the port number Example Show port classification CommandShow port classification module/port Show port redundancy Show port redundancy CommandShow intermodule port redundancy Command Show port mirror Command Show port security module/port Show port vlan-binding-mode CommandShow port security Command Show port vlan-binding-mode module/port Show internal buffering modnum Show internal buffering CommandShow boot bank Command Output Fields Show module CommandShow port flowcontrol Command Show module modnum Show cam Command Port Send Flowcontrol Admin P330-N show cam 1/1 Show cascading fault-monitoring CommandShow cascading fault-monitoring modnum Show cam modnum/portnum Show trunk modnum/portnum Show trunk CommandFollowing are the show trunk command output fields Port 1/2 advertises no flow control capabilities Show spantree Command Show vlan Command Bridge ID Bridge priority Priority Port Port number MAC Addr Show log module Show autopartition moduleShow dev log file 00000000 0 00002395 0205 0 0 0 0 0 0 0 0 0 00000000 0 00004242 0205 0 0 0 0 0 0 0 0 0 Show system Show module-identity moduleShow license modnum Show rmon statistics module/port Show rmon statistics CommandRmon Tools P330-N show rmon alarm Show rmon history CommandShow rmon alarm Command Show rmon alarm Alarm Index Show ppp session Show ppp authenticationShow rmon event Event Index Show ppp baud-rate Show ppp incoming timeoutShow ppp configuration Show tftp download software status modnum Show tftp download/upload status CommandShow tftp download software status Command Show tftp downloadupload status modnum Show intelligent-multicast hardware-support Show web aux-files-urlShow intelligent-multicast Show arp-aging-interval Show security modeShow arp-tx-interval P330-N dir Dir CommandDir modnum CLI Layer Privileged Level Commands No rmon event Event Index No rmon alarm Alarm IndexNo hostname No rmon history History Index Clear timezone Command Hostname CommandClear Commands Summary Table Clear snmp trap Command Clear ip route Command Clear dynamic vlans Clear vlan CommandClear dynamic vlans Command Clear vlan vlan-idnamevlanname Clear port mirror Command Clear port static-vlan CommandClear cam Command Clear log Command Set interface Set Commands Summary TableConfigure the management interface Device Chapter CLI Layer STP P330-N#set logout Set logout CommandSet logout timeout Set timezone Command Set time server ip Set time protocol CommandSet time server Command Set time client Command Set ip route destination gateway Time protocol Syntax for this command isSet time client enabledisable Set ip route Command Set snmp trap rcvraddr enabledisable allconfigfault Set snmp community CommandSet snmp community accesstype community string Set snmp trap Commands Set snmp retries number Set snmp trap enabledisable authSet snmp timeout number Set system contact string Set system location stringSet system name string Set interface ppp Command Set device-mode CommandSet device-mode mode Set interface Command Set interface ppp ipaddrnet-mask Set interface ppp enableenable-alwaysdisableoffreset Set port level modnum/portnum value Set port level CommandSet port negotiation Command Set port negotiation modnum/portnum enabledisable Set port speed Command Set port enable CommandSet port disable Command Set port name modnum/portnum name Set port duplex CommandSet port name Command Set port duplex modnum/portnum fullhalf Set port vlan value modnum/portnum Set port trap CommandSet port trap modnum/portnum enabledisable Set port vlan Command Vlan range vlan to bind to port Example Set port vlan-binding-mode CommandSet port static-vlan Command Set port vlan-binding-mode portlist value Set port classification module/port regular valuable Set port channel CommandSet port classification Command Set port channel portlist value name Regular Port classification Valuable Example Set port redundancy on/off CommandSet port redundancy Commands Set internal buffering modnum maxmedmin Set port redundancy enabledisableSet internal buffering Command Set boot bank Command Set intermodule port redundancy module/prim-port module Set boot bank valueP330-1super# set boot bank bank-a Boot bank set to bank-a Set intermodule port redundancy Command Set port mirror source-port modnum/portnum mirror-port Set intermodule port redundancy off CommandSet port mirror Command Set intermodule port redundancy off Set port spantree cost module/port value Set port spantree priority CommandSet port spantree cost Command Set port spantree priority module/port value Set inband vlan value Set port security CommandSet cascading Command Set inband vlan Command Set port flowcontrol Command Set vlan Command Set port auto-negotiation-flowcontrol-advertisement modnum Set port auto-negotiation-flowcontrol-advertisement CommandSet trunk Command Set spantree Commands Set spantree priority priority Set spantree priority CommandSet autopartition Command Chapter CLI Layer 108 P332G-ML User’s Guide Set ppp authentication incoming papchapnone Set license CommandSet ppp authentication incoming Command Set web aux-files-url Command Set ppp incoming timeout CommandSet ppp incoming timeout timeout Set ppp baud-rate Command Set intelligent-multicast client-port-pruning time time Set intelligent-multicast CommandSet intelligent-multicast client port pruning time Command Set intelligent-multicast router port pruning time Command Set arp-aging-interval value Set intelligent-multicast group-filtering-delay time timeSet security mode Command Set arp-aging-interval Command Set welcome message Set arp-tx-interval CommandSync time Command Set arp-tx-interval value Get time Get time CommandReset Command Sync time Configure Command Resetting moduleNvram initialize Command Nvram initialize switchall Rmon alarm Command Owner Owner name string Example Rmon event CommandCopy stack-config tftp Command Copy module-config tftp Command Copy stack-config tftp filename ipP330-N# copy stack-config tftp c\conf.cfg Filename File name full path Ip address of the Tftp server Copy module-config tftp filename ip modnumCopy tftp stack-config Command Copy tftp stack-config filename ip Copy tftp EWarchive Command P330-N# copy tftp stack-config c\p332ml\switch1.cfgCopy tftp module-config Command Copy tftp module-configfilename ip modnum Modnum Copy tftp SWimage Command String text password Example Radius CommandsSet radius authentication secret Command Set radius authentication secret string Set radius authentication retry time time Set radius authentication server ip-addressClear radius authentication serverprimarysecondary Set radius authentication server udp-port number Set radius authentication retry-number CommandSet radius authentication retry number number Set radius authentication udp-port Command No username name Supervisor Level CommandsUsername Command No username Command Set ppp chap-secret chap-secret Show radius authenticationShow username Tech Command P330-Nsuper# show radius authenticationSet radius authentication Command Set radius authentication enabledisable Chapter CLI Layer 128 P332G-ML User’s Guide To exit these context modes, type the command exit Router Configuration ContextsPrompt changes to Routerconfig-ifinterfacename# Prompt changes to Routerconfigure routerprotocolname# How Commands are Organized System Commands Show tftp download status User /Privileged Command ModeNo hostname hostnamestring Show copy status Show erase status Show running-configShow startup-config Show tftp-upload status Set system location location string Set system contact contact stringSet system name name string Router-N copy running-config tftp c\p332\router1.cfg Copy tftp startup-config filename ipCopy tftp startup-config c\p332\router1.cfg Copy running-config tftp filename ip Reset Copy startup-config tftp filename ipRouter-N copy startup-config tftp c\p332\router1.cfg Erase startup-config Traceroute host Ping host packetsize intervalRouter-N ping 149.49.50.13 5 Router-N ping IP Commands Show ip route ip-addressip-mask User ModeShow ip route Command Show ip route best-match Command Show ip route summary Show ip route static CommandShow ip route static ip addr mask Router-1 super# sh ip route static Showing 34 rows Show ip reverse-arp mac addr match len Show ip arp CommandShow ip reverse-arp Command Show ip arp if-name vlan ip addr ip-mask static Show ip interface interface-nameip-addressvlan Show ip interface Command149.49.70.68 0010a49897e0 Dynamic 14355 Show ip icmp Show ip protocols protocolShow ip protocols Show ip protocols RIP Display RIP details Router-N show ip unicast cache Show ip unicast cache CommandShow ip unicast cache networks Command Show ip unicast cache ip addr Show ip unicast cache networks detailednet addr net mask Show ip unicast cache networks detailed CommandRouter-N show ip unicast cache networks Router-N show ip unicast cache nextHop Show ip unicast cache nextHop CommandShow ip unicast cache summary Command Show ip unicast cache nextHop Router-Nconfigure# ip default-gateway Configure ModeExample Router-Nconfigure# interface marketing No ip default-gatewayip-addresscostpreference Clear ip route * ip-addr ip-mask Ip route CommandRouter-Nconfigure#ip route 192.168.33.0 255.255.255.0 Clear ip route Command No ip max-route-entries value Routerconfigure# arp 192.168.7.8 00400d8c2a01Routerconfigure# no arp No ip routing No arp timeout Arp timeout seconds No ip max-arp-entries value Router-Nconfigure#ip max-arp-entriesRouter-Nconfigure# no ip max-arp-entries No ip icmp-errors No ip netmask-format mask-format Ip netmask-format CommandRouter-Nconfigure#ip netmask-format bitcount No ip vlan vlan-id Ip vlan name vlan-Name Interface Mode255.255.255.0 No ip directed-broadcast Ip admin-state up/downNo ip netbios-rebroadcast mode Router-Nconfig-ifmarketing# ip netbios-rebroadcast both No ip redirect Ip routing-mode modeNo ip proxy-arp Ip broadcast-address bc addr Ip broadcast-address CommandEnable vlan commands Command Enable vlan commands Router-Nconfigure# router rip RIP CommandsRouter rip Command Example To enable the RIP protocol No redistribute protocol Router-RIP ModeRouter-Nconfigure routerrip# redistribute ospf Router-Nconfigure routerrip# network Ip rip rip-version Router-Nconfig-ifmarketing# ip rip rip versionNo default-metric number Routerconfig-ifmarketing# default-metric Ip rip default-route-mode mode Ip rip send-receivemodedefault route metricTalkdefault-listen Set RIP to receive Router-Nconfig-ifmarketing# ip rip send-receive talk listen Simplenone Router-Nconfig-ifmarketing# no ip rip split-horizonNo ip rip poison-reverse No ip rip split-horizon No ip rip authentication key password Routerconfig-ifmarketing#ip rip authentication mode simpleIp rip authentication key Command Show ip ospf Ospf CommandsShow ip ospf Command Interface-name neighbor-id Show ip ospf interface CommandShow ip ospf neighbor Command Show ip ospf interface interface-name Asbr-summaryrouternetworknetwork-summaryexternal Show ip ospf database CommandRouter ospf Command Show ip ospf database Area id IP address StubStub Router-OSPF ModeArea Command No area area id stub No ip ospf router-id router id Example Router-Nconfigure routerospf# redistribute staticNo timers spf spf-holdtime Router-Nconfigure routerospf# timers spf No ip ospf dead-interval seconds No ip ospf cost costNo ip ospf hello-interval seconds Example Priority No ip ospf authentication-key keyExample Ip ospf authentication-key mypass No ip ospf priority priority Show ip vrrp vlan router-id vr-iddetail Vrrp CommandsShow ip vrrp Command Output Example Show ip vrrp detail CommandShow ip vrrp detail Detail Show full detail information No router vrrp Router vrrp Command No ip vrrp vr-idaddress ip-address Example Router-Nconfig-ifmarketing# ip vrrpRouterconfig-ifmarketing# ip vrrp 1 address No ip vrrp vr-id Router-Nconfig-ifmarketing# ip vrrp 1 priority Ip vrrp timer CommandRouter-Nconfig-ifmarketing# ip vrrp 3 timer Ip vrrp priority Command No ip vrrp vr-idauth-key key-string Ip vrrp auth-key CommandIp vrrp preempt Command Router-Nconfig-ifmarketing# ip vrrp 1 preempt No ip vrrp vr-idoverride addr owner Router-Nconfig-ifmarketing# ip vrrp 1 override addr ownerNo ip vrrp vr-idprimary ip-address Ip vrrp 1 primary Show ip srrp Command Srrp Commands No router srrp Router-SRRP ModeRouter-Nconfigure routersrrp# poll-interval No timeout timeout Router-Nconfig-ifmarketing# ip srrp backup Router-Nconfigure routersrrp# timeoutIp srrp backup Command Ip srrp backup main router addr Router-Nconfigure# no ip bootp-dhcp relay BOOTP-DHCP CommandsNo ip bootp-dhcp relay Router-Nconfigure# ip bootp-dhcp relay Router-Nconfig-ifmarketing# ip bootp-dhcp network Router-Nconfig-ifmarketing# ip bootp-dhcp serverIp bootp-dhcp network Command No ip bootp-dhcp network ip-address Example Router-N show access-group Access-group Policy CommandsShow access-group command Show access-group Show dscp Command Show ip access lists CommandShow ip access-listspolicy-list-number Router-N show ip access-lists Router-N show dscp Ip access-group CommandNo ip access-grouppolicy-list-numberdefault-action Router-Nip access-group To delete a specific rule, use the no form of this command Ip access-list CommandExample Router-Nip access-list 101 23 deny ip any 1.2.0.0 Router-Nip access-list-name 101 morning Ip access-default-action policy-list-number default- actionRouter-Nip access-default-action 101 default-action-deny Ip access-list-namepolicy-list-number name Router-Nip access-list-cookie 101 Ip access-list-ownerpolicy-list-number ownerRouter-Nip access-list-owner 101 admin Ip access-list-cookiepolicy-list-number cookie Router-Nip simulate 100 192.67.85.12 Router-Nip access-list-copy 100Ip simulate Command Validate-group Command Set qos policy-source source source local policy-server Example Router-Nconfigure# validate-groupRouter-Nconfigure# set qos policy-source local Router-Nconfigure#set qos dscp-cos-map 9-16 fwd3 Dscp Dscp entry Name Entry name Router-Nconfigure# set qos dscp-name 10 specialRouter-Nconfigure# set qos trust-cos Set qos dscp-name dscp name Example Router-Nconfigure# set vlan 2 name vlan2 Vlan CommandsShow vlan Command Set vlan Command Clear vlan vlan-id name vlan-name Clear vlan Command System Requirements P330 Embedded Web Manager Appendix a Embedded Web Manager Figure A.1 The Welcome Running the Embedded Manager Figure A.2 Web-based Manager Install from your Local Web Site Installing the Java Plug-inInstalling from the P330 Documentation and Utilities CD Install from the Avaya Site Software Download Documentation Environmental P332G-ML SwitchPower Requirements Physical Standards Compliance Safety ACEMC Emissions Interfaces Basic Mtbf Stacking Sub-moduleRouting Usage Restriction Safety InformationApproved SFF/SFP Gbic Transceivers Laser Classification LX Transceiver InstallationInstalling and Removing a SFF/SFP Gbic Transceiver Specifications Agency Approval Gigabit Fiber Optic Cabling P330 output Connector Pin AssignmentsConsole Pin Assignments P330 input Appendix B Specifications 206 P332G-ML User’s Guide CLI Layer 2 Command Index CLI Layer 2 Command Index CLI -Layer 2 Command Index CLI Layer 2 Command Index 210 P332G-ML User’s Guide CLI Layer 3 Command Index CLI Layer 3 Command Index Emea Europe, Middle East and Africa Region To contact Avaya’s technical support, please callUnited States Dial 1-800-237-0016, press 0, then press UAE Cala Caribbean and Latin America Region AP Asia Pacific Region 216 P332GT-ML User’s Guide CLI Architecture CLI Architecture, Access & Conventions For example telnet Establishing a Serial ConnectionEstablishing a Telnet Connection P330-5 Command Line PromptCity-3configure routerospf# Session router P330 SessionsSecurity Levels Entering the Technician Level Entering the Supervisor LevelEntering the CLI CLI contains a simple text editor with these functions Conventions UsedNavigation, Cursor Movement and Shortcuts Getting Help Retstatus command Command SyntaxUniversal Commands Command Abbreviations