IP Extended ACLs | Juniper Networks EX2500 specs

EX2500 Ethernet Switch Configuration Guide

IP Extended ACLs

The switch supports up to 128 IP ACLs (standard and extended), numbered from

128 through 254. Use IP Extended ACLs to filter traffic using the following criteria:

Source IP address or network mask

Destination IP address or network mask

IP protocol number or name as shown in Table 12

TCP/UDP application ports, as shown in Table 13 on page 55

TCP flags

ICMP message code and type

Type of Service (ToS) value

DSCP value

To create an IP Extended ACL:

ex2500(config)# access-list ip 128 extended ex2500(config-ext-nacl)#

To delete an IP Extended ACL:

ex2500(config)# no access-list ip 128 extended ex2500(config)#

Table 12: Well-Known Protocol Types

Number Protocol Name

1 icmp

4 ip

6 tcp

17 udp

89ospf

103pim

54 Using ACL Filters

Image 68

Juniper Networks EX2500 manual IP Extended ACLs, To delete an IP Extended ACL

Contents

Configuration Guide North Mathilda Avenue Sunnyvale, CA Ii „ Table of Contents Chapter VLANs Chapter Ports and Trunking Rmon Overview Rmon Group 1-Statistics Rmon Group 2-History Indexes Port Mirroring Overview Configuring Port MirroringAppendixes Default Vlan Settings Port-Based Vlan AssignmentPage List of Tables EX2500 Ethernet Switch Configuration Guide „ List of Tables About This Guide ObjectivesAudience Supported Platforms Documentation Conventions Icon Meaning Description Requesting Technical Support List of Technical PublicationsDocumentation Feedback Self-Help Online Tools and Resources Opening a Case with Jtac EX2500 Ethernet Switch Applications Page Accessing the Switch Configuring the Management Interface Dynamic Host Configuration Protocol Configure the default gateway. Enable the gateway Using Telnet Using the EX2500 Web Device Manager Configuring EX2500 Web Device Manager Access via Http Configuring EX2500 Web Device Manager Access via Https Using Snmp SNMPv1, SNMPv2 SNMPv3 Default ConfigurationUser Configuration Configuring Snmp Trap Hosts SNMPv1 Trap Host ConfigurationSNMPv2 Trap Host Configuration Configure an entry in the notify table Securing Access to the Switch SNMPv3 Trap Host Configuration Radius Authentication and Authorization How Radius Authentication WorksConfiguring Radius on the Switch Configure the Radius secret Radius Authentication Features in the EX2500 Switch Switch User Accounts Radius Attributes for EX2500 User Privileges TACACS+ Authentication Features in the EX2500 Switch TACACS+ AuthenticationHow TACACS+ Authentication Works „ starttime „ stoptime „ elapsedtime „ disccause Configure the TACACS+ secret and second secret Command Authorization and LoggingConfiguring TACACS+ Authentication on the Switch Configuring SSH Features on the Switch Generating RSA Host and Server Keys for SSH AccessSecure Shell SSH Encryption of Management Messages End User Access Control SSH Integration with Radius and TACACS+ Authentication Considerations for Configuring End User Accounts User Access Control Listing Current Users Logging In to an End User Account VLANs Vlan Overview „ Port configuration VLANs and Port Vlan ID NumbersVlan Numbers Pvid Numbers Illustrates the default Vlan settings on the switch Vlan Tagging Default Vlan Settings Port-Based Vlan Assignment Vlan Configuration Rules Vlan Topologies and Design Considerations Multiple VLANs Configuration Example Multiple VLANs example in is described in Table Enable tagging on uplink ports that support multiple VLANs Private VLANs Private Vlan Ports Private Vlan Configuration Guidelines Private Vlan Configuration ExampleConfigure a secondary Vlan and map it to the primary Vlan Verify the configuration Spanning Tree Protocol Spanning Tree Overview Bridge Priority Bridge Protocol Data Units BPDUsDetermining the Path for Forwarding BPDUs Spanning Tree Group Configuration Guidelines Changing the Spanning Tree ModePort Priority Port Path Cost Adding and Removing Ports from STGs Creating a VlanRules for Vlan Tagged Ports Rapid Spanning Tree Protocol Port State Changes Rstp Configuration Guidelines Rstp Configuration ExamplePort Type and Link Type Edge Port Per Vlan Rapid Spanning Tree Default Spanning Tree ConfigurationWhy Do We Need Multiple Spanning Trees? Pvrst Configuration Guidelines Configuring Pvrst Mstp Configuration Guidelines Multiple Spanning Tree ProtocolMstp Region Common Internal Spanning Tree Multiple Spanning Tree Groups Configuration Example Implementing Multiple Spanning Tree Groups Fast Uplink Convergence Vlan Configuration Guidelines Configuring Fast Uplink Convergence Statistical Load Distribution Ports and TrunkingTrunking Overview Trunk Group Configuration Rules Built-In Fault ToleranceBefore Configuring Static Trunks Port Trunking Configuration Example Port Trunk Group Configuration Example Follow these steps on the EX2500 switch Define a trunk group Configurable Trunk Hash Algorithm Link Aggregation Control Protocol„ Destination MAC Dmac „ Destination IP DIP 48 „ Link Aggregation Control Protocol Lacp Configuration Guidelines Configuring LacpOptionally Reducing Lacp Timeout Set the Lacp mode Ex2500config-if# lacp timeout short ex2500config-if# exit Quality of Service QoS Overview Using ACL Filters COS MAC Extended ACLs IP Standard ACLsTo delete a MAC Extended ACL To delete an IP Standard ACL IP Extended ACLs To delete an IP Extended ACL Understanding ACL Priority TCP/UDP ACL Configuration Examples Assigning ACLs to a PortViewing ACL Statistics ACL Example 1-Blocking Traffic to a Host ACL Example 3-Blocking Http Traffic Add the ACL to a port ACL Example 4-Blocking All Except Certain Packets Assign the ACLs to a port Broadcast Storms Using Storm Control FiltersConfiguring Storm Control Using Dscp Values to Provide QoS Differentiated Services Concepts Per Hop Behavior Assured Forwarding Drop Precedence Class Dscp Mapping Use the following command to perform Dscp mappingQoS Levels Using 802.1p Priority to Provide QoS Shows the priority bits in a VLAN-tagged packet Queuing and Scheduling Remote Monitoring Rmon Overview Configure the Rmon statistics on a port Rmon Group 1-Statistics Configuring Rmon History Configure the Rmon History parameters for a portThis configuration enables Rmon History collection on port Rmon Group 2-History Rmon Group 3-Alarms Alarm MIB ObjectsConfiguring Rmon Alarms Configure the Rmon Alarm parameters to track Icmp messages Ex2500config# rmon event 110 type log-only Rmon Group 9-EventsPage Igmp Igmp Snooping FastLeave Igmp Snooping Configuration Example IGMPv3 Snooping Static Multicast Router Ex2500# show ip igmp groups High Availability Through Uplink Failure Detection High Availability Overview Spanning Tree Protocol with UFD UFD Configuration Guidelines Failure Detection Pair UFD Configuration Example Monitoring UFDPage Appendixes EX2500 Ethernet Switch Configuration Guide 80 „ Appendixes „ Port Mirroring Overview on „ Configuring Port Mirroring on Port Mirroring Overview Configuring Port Mirroring Indexes „ Index on EX2500 Ethernet Switch Configuration Guide 84 „ Indexes Index Numerics Management interface, configuring Multi-links between switches, port trunkingPhysical. See switch ports Internet Group Management Protocol. See Igmp Quality of Service. See QoS QoSSecurity Segmentation. See IP subnets Segments. See IP subnets Virtual Local Area Networks. See VLANs Example showing multiple VLANs