Defining IP based ACLs | Dell 3548 specification

Defining IP based ACLs

Access Control Lists (ACL), which are comprised of Access Control Entries (ACE), allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port, with an active ACL, are either admitted or denied entry and the ingress port is disabled. If they are denied entry, the user can disable the port.

For example, a network administrator defines an ACL rule that states, port number 20 can receive TCP packets, however, if a UDP packet is received, the packet is dropped.

ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications. Each ACE is a rule, and there are 256 rules available. But rules are not only used for user configuration purposes, they are also used for features like DHCP Snooping, Protocol Group VLAN and PVE, so not all 256 will be available for ACEs. It is expected that you will have at least 124 rules available. If you find that there are less rules available, this may be due to DHCP Snooping. You can redue the number of entries in DHCP Snooping configuration in order to free rules for ACE’s.

To define IP based ACLs, click Switch→ Network Security→ IP Based ACL. I

Figure 7-9. Network Security - IP Based ACL

Configuring Switch Information

277

Image 277

Dell 3548 manual Defining IP based ACLs, Network Security IP Based ACL Configuring Switch Information

Contents

User’s Guide December Contents Installing the PowerConnect 3524/P Software Download Through Tftp Server Configuring PowerConnect 3524/P and 3548/P 100 154 261 343 Device Feature Interaction Information PowerConnect 3524P PowerConnectSystem Description Stacking Overview PowerConnect 3548P Stacking Failover Topology Understanding the Stack TopologyStacking Members and Unit ID Removing and Replacing Stacking Members Exchanging Stacking Members Default Configuration Switching from the Stack Master to the Backup Stack Master Features OverviewPower over Ethernet IP Version 6 IPv6 Support Head of Line Blocking Prevention Virtual Cable Testing VCTFlow Control Support Ieee Back Pressure Support MAC Address Supported Features Layer 2 Features Spanning Tree Protocol Features Vlan Supported Features Link Aggregation Device Management Features Quality of Service Features Sntp SSL Security Features SSH Additional CLI Documentation Port Description PowerConnect 3524 Port Description PowerConnect 3524 Back Panel Console Port RPS Connector PowerConnect 3548 Port Description RS-232 Console Port SFP Ports LED Definitions Physical Dimensions Following figure illustrates the 100 Base-T LEDs Following table describes the Gigabit stacking port LEDs Gigabit Port LEDs SFP Port LEDs System LEDs Following table describes the system LED indications Power Supplies Stack ID Button 11. Power Connection Ventilation System Reset Button Hardware Description Site Preparation Package ContentsUnpacking Mounting the Device Installing in a RackUnpacking the Device Bracket Installation for Rack Mounting Installing on a Flat Surface Bracket Installation for Mounting on a Wall Installing the Device on a Wall Mounting a Device on a Wall Drilled Holes Front Panel Connecting to a Terminal Installing a Stack Connecting a Device to a Power SupplyOverview Stacking Cable Diagram Stacking PowerConnect 35xx Series Systems Switches Unit ID Selection Process Stacking Configuration and Identification Panel Connecting to the Device Starting and Configuring the DevicePage Configuration Procedures Configuring PowerConnect 3524/P and 3548/P Initial Configuration Booting the Switch Welcome to Dell Easy Setup Wizard Configuring PowerConnect 3524/P and 3548/P Wizard Step Following is displayed Retrieving an IP Address From a Dhcp Server Advanced Configuration IP Address Type 100.1.1.1/24 Vlan Dynamic Console# show ip interface Security Management and Password Configuration Receiving an IP Address From a Bootp ServerConsole# delete startup-config SSH Http Https Consoleconfig-line#login authentication default Consoleconfig# ip http authentication local Consoleconfig-line#enable authentication defaultConsoleconfig# crypto certificate generate keygenerate Startup Procedures Configuring Login BannersStartup Menu Procedures From the Startup menu, press 1. The following prompt appears Configuring PowerConnect 3524/P and 3548/P Set new device baud-rate 38,400 Software Download Through Tftp Server Console# show bootvarConsole# show version Enter y. The device reboots Console# show version Auto-Negotiation Port Default SettingsFlow Control Back Pressure Following table gives the port default settings Switching Port Default Settings Configuring PowerConnect 3524/P and 3548/P Understanding the Interface Starting the Application Switch Administrator Components Device Representation Dell PowerConnect Device Port Indicators Information Buttons Using the Switch Administrator ButtonsDevice Management Buttons Field Definitions Accessing the Device Through the CLITerminal Connection Command Mode Overview Using the CLITelnet Connection Privileged Exec Mode User Exec Mode Consoleconfig# Global Configuration Mode Configuring System Information Viewing Switch Asset Information Defining General Switch Information Asset Page Console# show system Console# show system id Not Operational Configuring System Information Defining System Time Settings Configuring System Information Time Synchronization Configuring System Information Configuring System Information CLI Consoleconfig# clock summer-time recurring usa System Health Viewing System Health Information Supply Power Console# show system Unit Type PowerConnect 3524 Main Power Managing Power over Ethernet Power Over Ethernet Configuring System Information Configuring System Information Interface Port Powered Device State Status Prior Class Ity Console# show power inline Unit Power Versions Viewing Version Information Managing Stack Members Console show version UnitSW version Boot version HW version Reset Resetting the Device Reload Configuring Sntp Settings Configuring System Information 10. Sntp Global Settings Configuring System Information Defining Sntp Global Settings Consoleconfig# sntp anycast client enable 11. Sntp Authentication Defining Sntp Authentication Methods 106 Defining Sntp Servers Consoleconfig# sntp authentication-key 8 md5 Calked 14. Sntp Servers 109 16. Sntp Servers Table Defining Sntp Interfaces 112 Managing Logs Defining Global Log Parameters 115 Configuring System Information Console# show syslog-servers 20. RAM Log Table Viewing the RAM Log Table AAA Application filtering control Event Status 21. Log File Table Viewing the Log File Table Console# show logging file Logging is enabled Viewing the Device Login History 22. Login History Modifying Remote Log Server Definitions Console# show users login-history 23. Remote Log Server Settings 125 24. Add a Log Server 127 Defining IP Addressing Console# show logging Logging is enabled Defining IPv4 Default Gateways Configuring the Internet Protocol Version 6 IPv6 26. IPv4 Default Gateway Defining IPv4 Interfaces Consoleconfig# no ip default-gateway 28. Add a Static IPv4 Interface 133 Console# show ip interface vlan Defining Dhcp IPv4 Interface Parameters 135 136 33. IPv6 Interface Defining IPv6 Interfaces Configuring System Information 139 35. Add IPv6 Address 141 Ipv6 icmp error-interval Defining IPv6 Default GatewayConsole# show ipv6 interface vlan Ipv6 icmp 143 37. Add IPv6 Default Gateway Defining IPv6 Isatap Tunnels 38. IPv6 Isatap Tunnel Console show ipv6 tunnel 39. IPv6 Neighbors Defining IPv6 Neighbors 149 150 Console# show ipv6 neighbors dynamic 42. IPv6 Routes Table Viewing the IPv6 Routes Table Console show ipv6 route 43. Domain Naming System DNS Configuring Domain Name Systems 155 45. DNS Server Table 46. Default Domain Name Configuring System Information Defining Default Domains Consoleconfig# ip domain-namedell.com 47. Host Name Mapping Mapping Domain Host 48. Add Host Name Mapping 161 50. ARP Settings Defining ARP Settings 163 164 Viewing Copper Cable Diagnostics Running Cable Diagnostics 166 Console# test copper-port tdr 1/e3 Viewing Optical Transceiver DiagnosticsConsole# show copper-port cable-length 53. Optical Transceiver Diagnostics Console# show fiber-ports optical-transceiver detailed 54. Optical Transceiver Diagnostics Table Managing Management Security Defining Access Profiles 171 172 173 57. Add an Access Profile Rule 175 176 Console# show management access-list mlist Defining Authentication Profiles 59. Authentication Profiles 179 180 62. Select Authentication Configuring System Information Selecting Authentication Profiles Configuring System Information ConsoleDefault None Managing Passwords 185 Console # show passwords configuration Console # show users accounts Displaying Active Users Robert 65. Local User Database Defining the Local User Databases 66. Add a User 191 Console# set username bob active Defining Line Passwords 193 69. Enable Password Defining Enable Passwords Consoleconfig# enable password level 15 secret 70. TACACS+ Settings Defining TACACS+ Settings 197 71. Add TACACS+ Host 199 Console# show tacacs Device Configuration Configuring Radius Settings 201 Configuring System Information 203 204 Console# show radius-servers Configuring Lldp and MED Configuring System Information 76. Lldp Properties Defining Lldp Properties Defining Lldp Port Settings Configuring Lldp Using CLI CommandsConsoleconfig# interface ethernet g1 209 210 79. MED Network Policy Defining Lldp MED Network Policy 212 82. MED Port Settings Defining Lldp MED Port Settings Configuring System Information 215 Configuring System Information Viewing the Lldp Neighbors Information 84. MED Port Settings Table 218 Defining Snmp Parameters Switch# show lldp neighbors 87. Snmp Global Parameters Defining Snmp Global Parameters 221 222 Defining Snmp View Settings 88. SNMPv3 View Settings 225 Console# show snmp views 91. Access Control Group Defining Snmp Access Control 92. Add an Access Control Group 229 94. SNMPv3 User Security Model USM Assigning Snmp User Security 231 232 Console# show snmp users 97. Snmp Community Defining Snmp Communities 235 98. Add Snmp Community Console config# snmp-server community dell ro 100. Notification Filter Defining Snmp Notification Filters 239 Console # show snmp filters Defining Snmp Notification Recipients 241 Configuring System Information 243 105. Notification Recipients Tables 245 Managing Files Downloading Files Configuring System Information 249 107. File Upload to Server Uploading Files 251 252 Activating Image Files 108. Active Images Configuring System Information Console# boot system image-1 109. Copy Files Copying Files Console# copy running-config startup-config 110. Files on File System Managing Device Files 258 Configuring General Settings Configuring Advanced Settings Consoleconfig# logging buffered size Configuring Network Security Configuring Switch Information Port Based Authentication 263 Interface Parameters 265 Port Based Authentication Table Vlan List Console# show dot1x Configuring Advanced Port Based Authentication 269 270 Authenticated Users Authenticating Users Console# show dot1x users Authenticated Users Table Port Security Configuring Switch Information Configuring Port Security Configuring Switch Information 275 Console # show ports security Can be learned on the port Defining IP based ACLs Network Security IP Based ACL Configuring Switch Information Configuring Switch Information 279 280 281 282 Defining MAC Based Access Control Lists 284 285 13. Network Security ACL Binding Defining ACL Binding 287 Configuring Dhcp Snooping 15. Global Parameters Defining Dhcp Snooping Global Parameters 290 Defining Dhcp Snooping on VLANs 16. Vlan Settings 17. Trusted Interfaces Defining Trusted Interfaces 293 19. Binding Database Adding Interfaces to the Dhcp Snooping Database 295 296 Defining Port Configuration Configuring PortsMac Address IP Address Lease sec Type Interface 21. Port Configuration 299 Configuring Switch Information 301 302 Console# show interfaces status Console# show interfaces configuration ethernet 1/e3 Defining LAG Parameters 23. Ports LAG Configuration 305 306 307 Enabling Storm Control 309 26. Storm Control Settings Table Port storm-control Include-multicast Defining Port Mirroring Sessions 313 314 Defining Static Addresses Configuring Address TablesConsole# show ports monitor 29. Static MAC Address 317 Viewing Dynamic Addresses Console# show bridge address-table 319 320 Configuring Garp 33. Garp Timers Defining Garp Timers 323 Gvrp Console# show gvrp configuration ethernet 1/e11 Defining STP Global Settings Configuring the Spanning Tree Protocol 35. Spanning Tree Global Settings LAG 328 32768 Dsbl 36. STP Port Settings Configuring Switch Information Defining STP Port Settings Configuring Switch Information 333 334 Console# show spanning-tree ethernet 1/e15 instance 38. STP LAG Settings Defining STP LAG Settings 337 338 Defining Rapid Spanning Tree Defining STP LAG Settings Using CLI Commands 40. Rapid Spanning Tree Rstp 341 41. Rapid Spanning Tree Rstp Table Consoleconfig-if#spanning tree mode rstp 42. Mstp Settings Configuring Switch Information Configuring Multiple Spanning Tree Configuring Switch Information 345 346 44. Mstp Interface Settings Defining Mstp Interface Settings Configuring Switch Information 349 16-4094 Console# show spanning-tree mst-configuration Configuring VLANs 46. Vlan Membership Defining Vlan Membership 353 Vlan Port Membership Table 355 Consoleconfig-if#switchport mode trunk allowed vlan add 48. Vlan Port Settings Defining Vlan Ports Settings Configuring Switch Information 49. Vlan Port Table Defining Vlan LAGs Settings Configuring Switch Information 361 Binding MAC Address to VLANs 363 Console# show vlan mac-to-vlan MAC Address Vlan Defining Vlan Protocol Groups 365 56. Protocol Group Table Adding Interfaces to Protocol Groups Console config-vlan#map protocol ip-arp protocols-group 58. Assign Protocol Port To Vlan 59. Protocol Based Vlan Table Configuring Gvrp Parameters Gvrp Global Parameters page contains the following fields 371 372 Timer values, whether Gvrp and dynamic Vlan Console# show gvrp configuration Defining Voice Vlan Global Parameters Configuring Voice Vlan 375 376 63. Voice Vlan Port Setting Configuring Switch Information Defining Voice Vlan Port Settings 378 Defining OUIs 65. Voice Vlan OUI Fill in the fields Aggregating Ports 67. Lacp Parameters Defining Lacp Parameters 384 Console# show lacp ethernet 1/e11 statistics Defining LAG Membership 386 Defining Multicast Global Parameters Multicast Forwarding Support 70. Global Parameters Adding Bridge Multicast Address Members Consoleconfig# bridge multicast filtering 71. Bridge Multicast Group 391 392 Console # show bridge multicast address-table format ip Console # show bridge multicast address-table 73. Bridge Multicast Forward All Assigning Multicast Forward All Parameters 395 Console# show bridge multicast filtering Igmp Snooping 397 398 399 Console # show ip igmp snooping mrouter 76. Unregistered Multicast Unregistered Multicast 77. Unregistered Multicast Table Console # show bridge multicast unregistered 404 Viewing Utilization Summary Viewing Tables Utilization Summary Counter Summary Viewing Counter Summary Interface Statistics Viewing Interface Statistics 409 Console# show interfaces counters Etherlike Statistics Viewing Etherlike Statistics 412 413 Gvrp Statistics Viewing Gvrp Statistics 415 Console# show gvrp statistics Console# show gvrp error-statistics EAP Statistics Viewing EAP Statistics Open the EAP Statistics Viewing EAP Statistics Using the CLI Commands Viewing Rmon Statistics Group Viewing Rmon StatisticsConsole# show dot1x statistics ethernet 1/e1 EapolFramesRx 421 422 Console# show rmon statistics ethernet 1/e1 Port 1/e1 Viewing Rmon History Control Statistics Viewing Statistics Viewing the Rmon History Table Consoleconfig-if#rmon collection history 1 interval Viewing Statistics Console# show rmon history 1 throughput 10. Rmon Events Control Defining Device Rmon Events 429 Console# show rmon events Viewing the Rmon Events Log Event 1 log Defining Rmon Device Alarms 12. Rmon Alarms 433 434 Console# show rmon alarm-table Viewing Charts 14. Port Statistics Viewing Port Statistics 15. LAG Statistics Viewing Statistics Viewing LAG Statistics 438 16. CPU Utilization Viewing the CPU Utilization Console# show cpu utilization Viewing CPU Utilization Using CLI Commands Quality of Service QoS Overview Configuring Quality of Service CoS Services Global Settings Configuring QoS Global Settings Consoleconfig# qos trust dscp Interface Settings Defining QoS Interface Settings Bandwidth Settings Defining Bandwidth Settings 447 CoS to Queue Mapping CoS Values to Queues Consoleconfig# wrr-queuecos-map4 Dscp to Queue Mapping Dscp Values to Queues Consoleconfig# qos map dscp-queue 33 40 41 to 452 Glossary Bpdu CLI Dscp Gvrp Icmp Isatap MDI OID PVE Rstp TCP/IP WAN 466 Device Feature Interaction Information 468 469 470 Index Index MDI/MDIX Syslog RFC