Manuals / Avaya / Computer Equipment / Network Router

Avaya P332G-ML Ip access-list Command, Example Router-Nip access-list 101 23 deny ip any 1.2.0.0

Models: P332G-ML

1 242

Download 242 pages 24.77 Kb

Page 203

Chapter 6	CLI – Layer 3

ip access-list Command

Use the ip access-listcommand to create a specific policy rule. This command defines a policy rule. The access list contains several of these rules. Each rule pertains to the source IP address, the destination IP address, the protocol, the protocol ports (if relevant), and to the ACK bit (if relevant).

The syntax for this command is:

[no] ip access-list<access-list-number> <access-list-index>

	<command> <protocol> {<source-ip>
	<source-wildcard> any host
	<source-ip>}[<operator> <port> [<port]]
	{<destination-ip> <destination-
	wildcard>any host
	<destination-ip>}[<operator> <port>
	[<port>]][established] [precedence]
<access-list-number>	integer (100..149)
<access-list-index>	integer (1...9999)
<command>	permit deny deny-and-notify fwd0-7
<protocol>	ip tcp udp integer (1..255)
<source-ip>	ip network
<source-wildcard>	ip network wildcard
<operator>	eq lt gt range
<port>	integer (1..65535)
<destination-ip>	ip network
<destination-wildcard>	ip network wildcard
<precedence>	mandatory optional]

Example:

Router-N>ip access-list 101 23 deny ip any 1.2.0.0 0.0.255.255

To delete a specific rule, use the no form of this command.

P332G-ML User’s Guide

185

Image 203

Avaya P332G-ML manual Ip access-list Command, Example Router-Nip access-list 101 23 deny ip any 1.2.0.0

Contents

May Avaya P332G-MLPage Contents Ieee P332G-ML User’s Guide Iii Contents Contents Contents P332G-ML User’s Guide Vii Viii P332G-ML User’s Guide Contents Contents 201 Emissions 200 Immunity Interfaces Standards ComplianceXii P332G-ML User’s Guide List of Figures List of Figures Xiv P332G-ML User’s Guide List of Tables List of Tables Xvi P332G-ML User’s Guide Avaya P332G-ML Highlights OverviewManagement & Monitoring LayerLayer 2 Features Radius Security Stack RedundancySpanning Tree Hot-SwappableIP Multicast Filtering Port ClassificationNetwork Time Acquiring Protocols Link Aggregation Group LAGSoftware Download Backup Power SupplyCongestion Control FansRedundancy Layer 3 FeaturesModes of Operation ForwardingSimple Router Redundancy Protocol Srrp Policy Quality of Service QoSDHCP/BOOTP Relay Policy Access ControlRIP Route Redistribution Static RoutesRoute Preferences Netbios RebroadcastMultinetting Multiple Subnets per Vlan Router Configuration FileFile from one router to suit another Ietf Layer Avaya P332G-ML Standards SupportedP332G-ML complies with the following standards P332G-ML Device Manager Embedded Web P332G-ML Command Line Interface CLIAvaya Multi-Service Network Manager Avaya P332G-ML Network ManagementAvaya P332G-ML Network Monitoring Smon Avaya P332G-ML Front Panel Avaya P332G-ML Front and Rear PanelsPWR LAG Bups Input Bups Input ConnectorAvaya P332G-ML Back Panel Application ApplicationsP330 stacks with a P330 backbone Installing the X330STK-ML Stacking Sub-Module Installation and SetupPositioning P332G-ML Rack Mounting Rack MountingTo connect stacked switches Connecting Stacked SwitchesIncorrect Stack Connection P330 Stack Connections Powering On P332G-ML Module DC Powering On P332G-ML Module ACP332G-ML Default Settings Configuring the SwitchChapter Installation and Setup Connecting the Cables Set interface ppp ipaddrnet-mask Connecting the Console CableConfiguring the Terminal Serial Port Parameters Connecting a Modem to the Console PortCLI responds with the following Set interface ppp enableAssigning P330’s IP Stack Address Press Enter Routerconfigure# interface interface-nameRouterconfigure-ifinterface-name# prompt appears Assigning P332G-ML Initial Router ParametersRouterconfigure# Obtaining a Routing License Key Obtaining and Activating a License KeyInstallation and Setup Activating a Routing License Key Set license module license featureName whereFeatureName routing User Level Commands P330-N# session 2 router Session CommandSession modnum switchrouteratm Terminal CommandsPing hostnumber Clear screen CommandPing Command Show Commands Summary Table Chapter CLI Layer Show time parameters Command Show time CommandSyntax for this command is Show time Show timezone CommandShow ip route Show ip route CommandShow image version Command Show time parametersShow snmp Show download status CommandShow snmp Command 24x10/100Base-T With Optional Expansion SlotShow snmp retries Show snmp timeoutShow timeout Show device-mode Show device-mode CommandShow port Command Show interfaceShow port trap modnum/portnum Show port trap CommandP330-N show port trap 1/1 Port 1/1 up/down trap is disabled Show port channel CommandModule/port Module number/the port number Example Show port classification CommandShow port classification module/port Show port redundancy Show port redundancy CommandShow intermodule port redundancy Command Show port mirror CommandShow port security module/port Show port vlan-binding-mode CommandShow port security Command Show port vlan-binding-mode module/portShow internal buffering modnum Show internal buffering CommandShow boot bank Command Output Fields Show module CommandShow port flowcontrol Command Show module modnumShow cam Command Port Send Flowcontrol AdminP330-N show cam 1/1 Show cascading fault-monitoring CommandShow cascading fault-monitoring modnum Show cam modnum/portnumShow trunk modnum/portnum Show trunk CommandFollowing are the show trunk command output fields Port 1/2 advertises no flow control capabilitiesShow spantree Command Show vlan CommandBridge ID Bridge priority Priority Port Port number MAC AddrShow log module Show autopartition moduleShow dev log file 00000000 0 00002395 0205 0 0 0 0 0 0 0 0 0 00000000 0 00004242 0205 0 0 0 0 0 0 0 0 0Show system Show module-identity moduleShow license modnum Show rmon statistics module/port Show rmon statistics CommandRmon Tools P330-N show rmon alarm Show rmon history CommandShow rmon alarm Command Show rmon alarm Alarm IndexShow ppp session Show ppp authenticationShow rmon event Event Index Show ppp baud-rate Show ppp incoming timeoutShow ppp configuration Show tftp download software status modnum Show tftp download/upload status CommandShow tftp download software status Command Show tftp downloadupload status modnumShow intelligent-multicast hardware-support Show web aux-files-urlShow intelligent-multicast Show arp-aging-interval Show security modeShow arp-tx-interval P330-N dir Dir CommandDir modnum CLI Layer Privileged Level Commands No rmon event Event Index No rmon alarm Alarm IndexNo hostname No rmon history History IndexClear timezone Command Hostname CommandClear Commands Summary Table Clear snmp trap Command Clear ip route CommandClear dynamic vlans Clear vlan CommandClear dynamic vlans Command Clear vlan vlan-idnamevlannameClear port mirror Command Clear port static-vlan CommandClear cam Command Clear log CommandSet interface Set Commands Summary TableConfigure the management interface Device Chapter CLI Layer STP P330-N#set logout Set logout CommandSet logout timeout Set timezone CommandSet time server ip Set time protocol CommandSet time server Command Set time client CommandSet ip route destination gateway Time protocol Syntax for this command isSet time client enabledisable Set ip route CommandSet snmp trap rcvraddr enabledisable allconfigfault Set snmp community CommandSet snmp community accesstype community string Set snmp trap CommandsSet snmp retries number Set snmp trap enabledisable authSet snmp timeout number Set system contact string Set system location stringSet system name string Set interface ppp Command Set device-mode CommandSet device-mode mode Set interface CommandSet interface ppp ipaddrnet-mask Set interface ppp enableenable-alwaysdisableoffresetSet port level modnum/portnum value Set port level CommandSet port negotiation Command Set port negotiation modnum/portnum enabledisableSet port speed Command Set port enable CommandSet port disable Command Set port name modnum/portnum name Set port duplex CommandSet port name Command Set port duplex modnum/portnum fullhalfSet port vlan value modnum/portnum Set port trap CommandSet port trap modnum/portnum enabledisable Set port vlan CommandVlan range vlan to bind to port Example Set port vlan-binding-mode CommandSet port static-vlan Command Set port vlan-binding-mode portlist valueSet port classification module/port regular valuable Set port channel CommandSet port classification Command Set port channel portlist value nameRegular Port classification Valuable Example Set port redundancy on/off CommandSet port redundancy Commands Set internal buffering modnum maxmedmin Set port redundancy enabledisableSet internal buffering Command Set boot bank CommandSet intermodule port redundancy module/prim-port module Set boot bank valueP330-1super# set boot bank bank-a Boot bank set to bank-a Set intermodule port redundancy CommandSet port mirror source-port modnum/portnum mirror-port Set intermodule port redundancy off CommandSet port mirror Command Set intermodule port redundancy offSet port spantree cost module/port value Set port spantree priority CommandSet port spantree cost Command Set port spantree priority module/port valueSet inband vlan value Set port security CommandSet cascading Command Set inband vlan CommandSet port flowcontrol Command Set vlan CommandSet port auto-negotiation-flowcontrol-advertisement modnum Set port auto-negotiation-flowcontrol-advertisement CommandSet trunk Command Set spantree CommandsSet spantree priority priority Set spantree priority CommandSet autopartition Command Chapter CLI Layer 108 P332G-ML User’s Guide Set ppp authentication incoming papchapnone Set license CommandSet ppp authentication incoming Command Set web aux-files-url Command Set ppp incoming timeout CommandSet ppp incoming timeout timeout Set ppp baud-rate CommandSet intelligent-multicast client-port-pruning time time Set intelligent-multicast CommandSet intelligent-multicast client port pruning time Command Set intelligent-multicast router port pruning time CommandSet arp-aging-interval value Set intelligent-multicast group-filtering-delay time timeSet security mode Command Set arp-aging-interval CommandSet welcome message Set arp-tx-interval CommandSync time Command Set arp-tx-interval valueGet time Get time CommandReset Command Sync timeConfigure Command Resetting moduleNvram initialize Command Nvram initialize switchallRmon alarm Command Owner Owner name string Example Rmon event CommandCopy stack-config tftp Command Copy module-config tftp Command Copy stack-config tftp filename ipP330-N# copy stack-config tftp c\conf.cfg Filename File name full path Ip address of the Tftp server Copy module-config tftp filename ip modnumCopy tftp stack-config Command Copy tftp stack-config filename ipCopy tftp EWarchive Command P330-N# copy tftp stack-config c\p332ml\switch1.cfgCopy tftp module-config Command Copy tftp module-configfilename ip modnumModnum Copy tftp SWimage CommandString text password Example Radius CommandsSet radius authentication secret Command Set radius authentication secret stringSet radius authentication retry time time Set radius authentication server ip-addressClear radius authentication serverprimarysecondary Set radius authentication server udp-port number Set radius authentication retry-number CommandSet radius authentication retry number number Set radius authentication udp-port CommandNo username name Supervisor Level CommandsUsername Command No username CommandSet ppp chap-secret chap-secret Show radius authenticationShow username Tech Command P330-Nsuper# show radius authenticationSet radius authentication Command Set radius authentication enabledisableChapter CLI Layer 128 P332G-ML User’s Guide To exit these context modes, type the command exit Router Configuration ContextsPrompt changes to Routerconfig-ifinterfacename# Prompt changes to Routerconfigure routerprotocolname#How Commands are Organized System Commands Show tftp download status User /Privileged Command ModeNo hostname hostnamestring Show copy statusShow erase status Show running-configShow startup-config Show tftp-upload statusSet system location location string Set system contact contact stringSet system name name string Router-N copy running-config tftp c\p332\router1.cfg Copy tftp startup-config filename ipCopy tftp startup-config c\p332\router1.cfg Copy running-config tftp filename ipReset Copy startup-config tftp filename ipRouter-N copy startup-config tftp c\p332\router1.cfg Erase startup-configTraceroute host Ping host packetsize intervalRouter-N ping 149.49.50.13 5 Router-N pingIP Commands Show ip route ip-addressip-mask User ModeShow ip route Command Show ip route best-match CommandShow ip route summary Show ip route static CommandShow ip route static ip addr mask Router-1 super# sh ip route static Showing 34 rowsShow ip reverse-arp mac addr match len Show ip arp CommandShow ip reverse-arp Command Show ip arp if-name vlan ip addr ip-mask staticShow ip interface interface-nameip-addressvlan Show ip interface Command149.49.70.68 0010a49897e0 Dynamic 14355 Show ip icmp Show ip protocols protocolShow ip protocols Show ip protocols RIP Display RIP detailsRouter-N show ip unicast cache Show ip unicast cache CommandShow ip unicast cache networks Command Show ip unicast cache ip addrShow ip unicast cache networks detailednet addr net mask Show ip unicast cache networks detailed CommandRouter-N show ip unicast cache networks Router-N show ip unicast cache nextHop Show ip unicast cache nextHop CommandShow ip unicast cache summary Command Show ip unicast cache nextHopRouter-Nconfigure# ip default-gateway Configure ModeExample Router-Nconfigure# interface marketing No ip default-gatewayip-addresscostpreferenceClear ip route * ip-addr ip-mask Ip route CommandRouter-Nconfigure#ip route 192.168.33.0 255.255.255.0 Clear ip route CommandNo ip max-route-entries value Routerconfigure# arp 192.168.7.8 00400d8c2a01Routerconfigure# no arp No ip routingNo arp timeout Arp timeout secondsNo ip max-arp-entries value Router-Nconfigure#ip max-arp-entriesRouter-Nconfigure# no ip max-arp-entries No ip icmp-errorsNo ip netmask-format mask-format Ip netmask-format CommandRouter-Nconfigure#ip netmask-format bitcount No ip vlan vlan-id Ip vlan name vlan-Name Interface Mode255.255.255.0 No ip directed-broadcast Ip admin-state up/downNo ip netbios-rebroadcast mode Router-Nconfig-ifmarketing# ip netbios-rebroadcast bothNo ip redirect Ip routing-mode modeNo ip proxy-arp Ip broadcast-address bc addr Ip broadcast-address CommandEnable vlan commands Command Enable vlan commandsRouter-Nconfigure# router rip RIP CommandsRouter rip Command Example To enable the RIP protocolNo redistribute protocol Router-RIP ModeRouter-Nconfigure routerrip# redistribute ospf Router-Nconfigure routerrip# networkIp rip rip-version Router-Nconfig-ifmarketing# ip rip rip versionNo default-metric number Routerconfig-ifmarketing# default-metricIp rip default-route-mode mode Ip rip send-receivemodedefault route metricTalkdefault-listen Set RIP to receive Router-Nconfig-ifmarketing# ip rip send-receive talk listenSimplenone Router-Nconfig-ifmarketing# no ip rip split-horizonNo ip rip poison-reverse No ip rip split-horizonNo ip rip authentication key password Routerconfig-ifmarketing#ip rip authentication mode simpleIp rip authentication key Command Show ip ospf Ospf CommandsShow ip ospf Command Interface-name neighbor-id Show ip ospf interface CommandShow ip ospf neighbor Command Show ip ospf interface interface-nameAsbr-summaryrouternetworknetwork-summaryexternal Show ip ospf database CommandRouter ospf Command Show ip ospf databaseArea id IP address StubStub Router-OSPF ModeArea Command No area area id stubNo ip ospf router-id router id Example Router-Nconfigure routerospf# redistribute staticNo timers spf spf-holdtime Router-Nconfigure routerospf# timers spfNo ip ospf dead-interval seconds No ip ospf cost costNo ip ospf hello-interval seconds Example Priority No ip ospf authentication-key keyExample Ip ospf authentication-key mypass No ip ospf priority priorityShow ip vrrp vlan router-id vr-iddetail Vrrp CommandsShow ip vrrp Command Output Example Show ip vrrp detail CommandShow ip vrrp detail Detail Show full detail informationNo router vrrp Router vrrp CommandNo ip vrrp vr-idaddress ip-address Example Router-Nconfig-ifmarketing# ip vrrpRouterconfig-ifmarketing# ip vrrp 1 address No ip vrrp vr-idRouter-Nconfig-ifmarketing# ip vrrp 1 priority Ip vrrp timer CommandRouter-Nconfig-ifmarketing# ip vrrp 3 timer Ip vrrp priority CommandNo ip vrrp vr-idauth-key key-string Ip vrrp auth-key CommandIp vrrp preempt Command Router-Nconfig-ifmarketing# ip vrrp 1 preemptNo ip vrrp vr-idoverride addr owner Router-Nconfig-ifmarketing# ip vrrp 1 override addr ownerNo ip vrrp vr-idprimary ip-address Ip vrrp 1 primaryShow ip srrp Command Srrp CommandsNo router srrp Router-SRRP ModeRouter-Nconfigure routersrrp# poll-interval No timeout timeoutRouter-Nconfig-ifmarketing# ip srrp backup Router-Nconfigure routersrrp# timeoutIp srrp backup Command Ip srrp backup main router addrRouter-Nconfigure# no ip bootp-dhcp relay BOOTP-DHCP CommandsNo ip bootp-dhcp relay Router-Nconfigure# ip bootp-dhcp relayRouter-Nconfig-ifmarketing# ip bootp-dhcp network Router-Nconfig-ifmarketing# ip bootp-dhcp serverIp bootp-dhcp network Command No ip bootp-dhcp network ip-addressExample Router-N show access-group Access-group Policy CommandsShow access-group command Show access-groupShow dscp Command Show ip access lists CommandShow ip access-listspolicy-list-number Router-N show ip access-listsRouter-N show dscp Ip access-group CommandNo ip access-grouppolicy-list-numberdefault-action Router-Nip access-groupTo delete a specific rule, use the no form of this command Ip access-list CommandExample Router-Nip access-list 101 23 deny ip any 1.2.0.0 Router-Nip access-list-name 101 morning Ip access-default-action policy-list-number default- actionRouter-Nip access-default-action 101 default-action-deny Ip access-list-namepolicy-list-number nameRouter-Nip access-list-cookie 101 Ip access-list-ownerpolicy-list-number ownerRouter-Nip access-list-owner 101 admin Ip access-list-cookiepolicy-list-number cookieRouter-Nip simulate 100 192.67.85.12 Router-Nip access-list-copy 100Ip simulate Command Validate-group CommandSet qos policy-source source source local policy-server Example Router-Nconfigure# validate-groupRouter-Nconfigure# set qos policy-source local Router-Nconfigure#set qos dscp-cos-map 9-16 fwd3Dscp Dscp entry Name Entry name Router-Nconfigure# set qos dscp-name 10 specialRouter-Nconfigure# set qos trust-cos Set qos dscp-name dscp nameExample Router-Nconfigure# set vlan 2 name vlan2 Vlan CommandsShow vlan Command Set vlan CommandClear vlan vlan-id name vlan-name Clear vlan CommandSystem Requirements P330 Embedded Web ManagerAppendix a Embedded Web Manager Figure A.1 The Welcome Running the Embedded ManagerFigure A.2 Web-based Manager Install from your Local Web Site Installing the Java Plug-inInstalling from the P330 Documentation and Utilities CD Install from the Avaya SiteSoftware Download DocumentationEnvironmental P332G-ML SwitchPower Requirements PhysicalStandards Compliance Safety ACEMC Emissions InterfacesBasic Mtbf Stacking Sub-moduleRouting Usage Restriction Safety InformationApproved SFF/SFP Gbic Transceivers Laser ClassificationLX Transceiver InstallationInstalling and Removing a SFF/SFP Gbic Transceiver SpecificationsAgency Approval Gigabit Fiber Optic CablingP330 output Connector Pin AssignmentsConsole Pin Assignments P330 inputAppendix B Specifications 206 P332G-ML User’s Guide CLI Layer 2 Command Index CLI Layer 2 Command Index CLI -Layer 2 Command Index CLI Layer 2 Command Index 210 P332G-ML User’s Guide CLI Layer 3 Command Index CLI Layer 3 Command Index Emea Europe, Middle East and Africa Region To contact Avaya’s technical support, please callUnited States Dial 1-800-237-0016, press 0, then pressUAE Cala Caribbean and Latin America Region AP Asia Pacific Region216 P332GT-ML User’s Guide CLI Architecture CLI Architecture, Access & ConventionsFor example telnet Establishing a Serial ConnectionEstablishing a Telnet Connection P330-5 Command Line PromptCity-3configure routerospf# Session router P330 SessionsSecurity Levels Entering the Technician Level Entering the Supervisor LevelEntering the CLI CLI contains a simple text editor with these functions Conventions UsedNavigation, Cursor Movement and Shortcuts Getting HelpRetstatus command Command SyntaxUniversal Commands Command Abbreviations