MAC Extended ACLs, IP Standard ACLs | Juniper Networks EX2500

Chapter 5: Quality of Service

Each ACL contains rules that define the matching criteria for data packets. The ACL checks each packet against its rules, to determine if there is a match. If the packet matches the ACL’s rules, the ACL performs its configured action: either permit or deny the packet.

The EX2500 switch supports the following ACL types:

MAC Extended ACLs

IP Standard ACLs

IP Extended ACLs

MAC Extended ACLs

The switch supports up to 127 MAC Extended ACLs, numbered from 1 through

127. Use MAC Extended ACLs to filter traffic using the following criteria:

Source or destination MAC address

VLAN

Ethernet protocol

User priority criteria

To create a MAC Extended ACL:

ex2500(config)# access-list mac extended 1 ex2500(config-ext-macl)#

To delete a MAC Extended ACL:

ex2500(config)# no access-list mac extended 1 ex2500(config)#

IP Standard ACLs

The switch supports up to 128 IP ACLs (standard and extended), numbered from 128 through 254. Use IP Standard ACLs to filter traffic using source IP address or network mask and destination IP address or network mask.

To create an IP Standard ACL:

ex2500(config)# access-list ip 128 standard ex2500(config-std-nacl)#

To delete an IP Standard ACL:

ex2500(config)# no access-list ip 128 standard ex2500(config)#

Using ACL Filters 53

Image 67

Juniper Networks EX2500 MAC Extended ACLs, IP Standard ACLs, To delete a MAC Extended ACL, To delete an IP Standard ACL

Contents

North Mathilda Avenue Sunnyvale, CA Configuration Guide Ii „ Table of Contents Chapter VLANs Rmon Overview Rmon Group 1-Statistics Rmon Group 2-History Chapter Ports and Trunking Appendixes Port Mirroring Overview Configuring Port MirroringIndexes Port-Based Vlan Assignment Default Vlan SettingsPage List of Tables EX2500 Ethernet Switch Configuration Guide „ List of Tables Supported Platforms About This GuideObjectives Audience Icon Meaning Description Documentation Conventions Documentation Feedback List of Technical PublicationsRequesting Technical Support Opening a Case with Jtac Self-Help Online Tools and Resources EX2500 Ethernet Switch Applications Page Configuring the Management Interface Accessing the Switch Configure the default gateway. Enable the gateway Dynamic Host Configuration Protocol Using the EX2500 Web Device Manager Using Telnet Configuring EX2500 Web Device Manager Access via Https Configuring EX2500 Web Device Manager Access via Http SNMPv1, SNMPv2 Using Snmp User Configuration Default ConfigurationSNMPv3 Configure an entry in the notify table Configuring Snmp Trap HostsSNMPv1 Trap Host Configuration SNMPv2 Trap Host Configuration SNMPv3 Trap Host Configuration Securing Access to the Switch Configure the Radius secret Radius Authentication and AuthorizationHow Radius Authentication Works Configuring Radius on the Switch Radius Authentication Features in the EX2500 Switch Radius Attributes for EX2500 User Privileges Switch User Accounts How TACACS+ Authentication Works TACACS+ AuthenticationTACACS+ Authentication Features in the EX2500 Switch „ starttime „ stoptime „ elapsedtime „ disccause Configuring TACACS+ Authentication on the Switch Command Authorization and LoggingConfigure the TACACS+ secret and second secret SSH Encryption of Management Messages Configuring SSH Features on the SwitchGenerating RSA Host and Server Keys for SSH Access Secure Shell SSH Integration with Radius and TACACS+ Authentication End User Access Control User Access Control Considerations for Configuring End User Accounts Logging In to an End User Account Listing Current Users Vlan Overview VLANs Pvid Numbers „ Port configurationVLANs and Port Vlan ID Numbers Vlan Numbers Vlan Tagging Illustrates the default Vlan settings on the switch Default Vlan Settings Port-Based Vlan Assignment Vlan Topologies and Design Considerations Vlan Configuration Rules Multiple VLANs example in is described in Table Multiple VLANs Configuration Example Enable tagging on uplink ports that support multiple VLANs Private Vlan Ports Private VLANs Verify the configuration Private Vlan Configuration GuidelinesPrivate Vlan Configuration Example Configure a secondary Vlan and map it to the primary Vlan Spanning Tree Overview Spanning Tree Protocol Determining the Path for Forwarding BPDUs Bridge Protocol Data Units BPDUsBridge Priority Port Path Cost Spanning Tree Group Configuration GuidelinesChanging the Spanning Tree Mode Port Priority Rules for Vlan Tagged Ports Creating a VlanAdding and Removing Ports from STGs Port State Changes Rapid Spanning Tree Protocol Edge Port Rstp Configuration GuidelinesRstp Configuration Example Port Type and Link Type Why Do We Need Multiple Spanning Trees? Default Spanning Tree ConfigurationPer Vlan Rapid Spanning Tree Configuring Pvrst Pvrst Configuration Guidelines Common Internal Spanning Tree Mstp Configuration GuidelinesMultiple Spanning Tree Protocol Mstp Region Implementing Multiple Spanning Tree Groups Multiple Spanning Tree Groups Configuration Example Vlan Fast Uplink Convergence Configuring Fast Uplink Convergence Configuration Guidelines Trunking Overview Ports and TrunkingStatistical Load Distribution Before Configuring Static Trunks Built-In Fault ToleranceTrunk Group Configuration Rules Port Trunk Group Configuration Example Port Trunking Configuration Example Follow these steps on the EX2500 switch Define a trunk group „ Destination IP DIP Configurable Trunk Hash AlgorithmLink Aggregation Control Protocol „ Destination MAC Dmac 48 „ Link Aggregation Control Protocol Set the Lacp mode Lacp Configuration GuidelinesConfiguring Lacp Optionally Reducing Lacp Timeout Ex2500config-if# lacp timeout short ex2500config-if# exit QoS Overview Quality of Service COS Using ACL Filters To delete an IP Standard ACL MAC Extended ACLsIP Standard ACLs To delete a MAC Extended ACL To delete an IP Extended ACL IP Extended ACLs TCP/UDP Understanding ACL Priority ACL Example 1-Blocking Traffic to a Host ACL Configuration ExamplesAssigning ACLs to a Port Viewing ACL Statistics Add the ACL to a port ACL Example 3-Blocking Http Traffic Assign the ACLs to a port ACL Example 4-Blocking All Except Certain Packets Configuring Storm Control Using Storm Control FiltersBroadcast Storms Differentiated Services Concepts Using Dscp Values to Provide QoS Assured Forwarding Drop Precedence Class Per Hop Behavior QoS Levels Use the following command to perform Dscp mappingDscp Mapping Shows the priority bits in a VLAN-tagged packet Using 802.1p Priority to Provide QoS Queuing and Scheduling Rmon Overview Remote Monitoring Rmon Group 1-Statistics Configure the Rmon statistics on a port Rmon Group 2-History Configuring Rmon HistoryConfigure the Rmon History parameters for a port This configuration enables Rmon History collection on port Configure the Rmon Alarm parameters to track Icmp messages Rmon Group 3-AlarmsAlarm MIB Objects Configuring Rmon Alarms Rmon Group 9-Events Ex2500config# rmon event 110 type log-onlyPage Igmp Snooping Igmp FastLeave IGMPv3 Snooping Igmp Snooping Configuration Example Ex2500# show ip igmp groups Static Multicast Router High Availability Overview High Availability Through Uplink Failure Detection Failure Detection Pair Spanning Tree Protocol with UFD UFD Configuration Guidelines Monitoring UFD UFD Configuration ExamplePage Appendixes EX2500 Ethernet Switch Configuration Guide 80 „ Appendixes Port Mirroring Overview „ Port Mirroring Overview on „ Configuring Port Mirroring on Configuring Port Mirroring „ Index on Indexes EX2500 Ethernet Switch Configuration Guide 84 „ Indexes Numerics Index Internet Group Management Protocol. See Igmp Management interface, configuringMulti-links between switches, port trunking Physical. See switch ports Segmentation. See IP subnets Segments. See IP subnets Quality of Service. See QoSQoS Security Example showing multiple VLANs Virtual Local Area Networks. See VLANs