Milan Technology MIL-SM24004TG 4-105, mask (MAC ACL)

Access Control List Commands

4-105

4

mask (MAC ACL)

This command defines a mask for MAC ACLs. This mask defines the fields to check

in the packet header. Use the no form to remove a mask.

Syntax

[no]mask [pktformat]

{any | host | source-bitmask} {any | host | destination-bitmask}

[vid [vid-bitmask]] [ethertype [ethertype-bitmask]]

•pktformat – Check the packet format field. (If this keyword must be used in

the mask, the packet format must be specified in ACL rule to match.)

•any – Any address will be matched.

•host – The address must be for a single node.

•source-bitmask – Source address of rule must match this bitmask.

• destination-bitmask – Destination address of rule must match this bitmask.

•vid – Check the VLAN ID field.

•vid-bitmask – VLAN ID of rule must match this bitmask.

• ethertype – Check the Ethernet type field.

•ethertype-bitmask – Ethernet type of rule must match this bitmask.

Default Setting

None

Command Mode

MAC Mask

Command Usage

• Up to seven masks can be assigned to an ingress or egress ACL.

• Packets crossing a port are checked against all the rules in the ACL until a

match is found. The order in which these packets are checked is determined

by the mask, and not the order in which the ACL rules were entered.

• First create the required ACLs and inbound or outbound masks before

mapping an ACL to an interface.

Contents

Main Page i ii Contents Page Page Page Page Page Page Page Page Page Page Page Tables Page Figures Page Page Page 1-1 Chapter 1: Introduction Key Features Table 1-1. Key Features 1-2 Description of Software Features Description of Software Features 1-3 1-4 System Defaults 1-5 System Defaults 1-6 System Defaults 1-7 Page 2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options 2-2 Required Connections 2-3 Remote Connections Basic Configuration Console Connection 2-4 Setting Passwords Setting an IP Address Manual Configuration 2-5 Dynamic Configuration 2-6 Enabling SNMP Management Access Community Strings 2-7 Trap Receivers Saving Configuration Settings 2-8 Managing System Files 3-1 Chapter 3: Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Page 3-3 Configuration Options Panel Display 3-4 Main Menu 3-5 3-6 3-7 Page 3-9 Basic Configuration Displaying System Information 3-10 Displaying Switch Hardware/Software Versions 3-11 Displaying Bridge Extension Capabilities 3-12 3-13 Setting the Switchs IP Address Page 3-15 Using DHCP/BOOTP 3-16 Managing Firmware Downloading System Software from a Server 3-17 Saving or Restoring Configuration Settings 3-18 Downloading Configuration Settings from a Server 3-19 Configuring Event Logging System Log Configuration 3-20 Remote Log Configuration 3-21 3-22 Displaying Log Messages 3-23 Sending Simple Mail Transfer Protocol Alerts Page 3-25 Resetting the System 3-26 Setting the System Clock Configuring SNTP 3-27 Setting the Time Zone 3-28 Simple Network Management Protocol Setting Community Access Strings Simple Network Management Protocol 3-29 Specifying Trap Managers and Trap Types 3-30 User Authentication Configuring the Logon Password 3-31 Configuring Local/Remote Logon Authentication 3-32 Page 3-34 Configuring HTTPS 3-35 Replacing the Default Secure-site Certificate 3-36 Configuring the Secure Shell 3-37 3-38 Generating the Host Key Pair 3-39 3-40 Configuring the SSH Server 3-41 Configuring Port Security 3-42 3-43 Configuring 802.1X Port Authentication 3-44 Displaying 802.1X Global Settings 3-45 Web Click Security, 802.1X, Information. Figure3-26 802.1X Information 3-46 Configuring 802.1X Global Settings 3-47 Configuring Port Authorization Mode 3-48 Displaying 802.1X Statistics 3-49 3-50 Filtering IP Addresses for Management Access 3-51 Figure3-30 IP Filter CLI This example allows SNMP access for a specific client. 3-52 Access Control Lists Configuring Access Control Lists 3-53 Setting the ACL Name and Type Configuring a Standard IP ACL 3-54 Configuring an Extended IP ACL 3-55 3-56 3-57 Configuring a MAC ACL Page 3-59 Configuring ACL Masks Specifying the Mask Type 3-60 Configuring an IP ACL Mask 3-61 3-62 Configuring a MAC ACL Mask 3-63 Binding a Port to an Access Control List 3-64 Port Configuration Displaying Connection Status 3-65 3-66 3-67 Configuring Interface Connections 3-68 3-69 Creating Trunk Groups 3-70 Statically Configuring a Trunk } active links statically configured 3-71 Enabling LACP on Selected Ports } } 3-72 Figure3-42 LACP Trunk Configuration 3-73 Configuring LACP Parameters Page 3-75 3-76 Displaying LACP Port Counters CLI The following example displays LACP counters for port channel 1. You can display statistics for LACP protocol messages. 3-77 Displaying LACP Settings and Status for the Local Side 3-78 Figure3-45 LACP - Por t Internal Information 3-79 Displaying LACP Settings and Status for the Remote Side 3-80 Setting Broadcast Storm Thresholds 3-81 Figure3-47 Port Broadcast Control 3-82 Configuring Port Mirroring 3-83 Configuring Rate Limits 3-84 Showing Port Statistics 3-85 3-86 Page 3-88 Address Table Settings Setting Static Addresses Address Table Settings 3-89 Displaying the Address Table Page 3-91 Changing the Aging Time Spanning Tree Algorithm Configuration 3-92 Displaying Global Settings x x 3-93 3-94 3-95 This command displays global STA settings, followed by settings for each port CLI . Note: Configuring Global Settings 3-97 3-98 Page 3-100 Displaying Interface Settings x x 3-101 3-102 3-103 Configuring Interface Settings 3-104 3-105 Configuring Multiple Spanning Trees 3-106 3-107 CLI This displays STA settings for instance 1, followed by settings for each port. CLI This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. 3-108 Displaying Interface Settings for MSTP 3-109 Configuring Interface Settings for MSTP 3-110 3-111 VLAN Configuration IEEE 802.1Q VLANs Assigning Ports to VLANs 3-112 3-113 Forwarding Tagged/Untagged Frames 3-114 Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Information 3-115 Displaying Current VLANs 3-116 Creating VLANs 3-117 Adding Static Members to VLANs (VLAN Index) 3-118 3-119 Adding Static Members to VLANs (Port Index) Configuring VLAN Behavior for Interfaces 3-120 3-121 3-122 Configuring Private VLANs x Enabling Private VLANs 3-123 Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs 3-124 Configuring Protocol Groups Mapping Protocols to VLANs 3-125 3-126 Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces 3-127 Figure3-72 Default Port Priority CLI This example assigns a default priority of 5 to port 3. 3-128 Mapping CoS Values to Egress Queues 3-129 Selecting the Queue Mode 3-130 Setting the Service Weight for Traffic Classes 3-131 Figure3-75 Queue Scheduling CLI The following example shows how to assign WRR weights to each of the priority queues. 3-132 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority 3-133 Mapping IP Precedence 3-134 Mapping DSCP Priority 3-135 Figure3-78 IP DSCP Priority 3-136 Mapping IP Port Priority 3-137 Mapping CoS Values to ACLs 3-138 Changing Priorities Based on ACL Rules 3-139 3-140 Multicast Filtering Layer 2 IGMP (Snooping and Query) 3-141 Configuring IGMP Snooping and Query Parameters 3-142 Figure3-83 IGMP Configuration 3-143 Displaying Interfaces Attached to a Multicast Router Specifying Static Interfaces for a Multicast Router 3-144 Displaying Port Members of Multicast Services 3-145 Assigning Ports to Multicast Services 3-146 Configuring Domain Name Service 3-147 Configuring General DNS Server Parameters 3-148 3-149 Configuring Static DNS Host to Address Entries 3-150 3-151 Displaying the DNS Cache 3-152 CLI - This example displays all the resource records learned from the designated name servers. 4-1 Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection 4-2 4-3 Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands 4-4 Showing Commands The command show interfaces ? will display the following information: 4-5 Partial Keyword Lookup Negating the Effect of Commands Using Command History 4-6 Understanding Command Modes Exec Commands 4-7 Configuration Commands 4-8 Table 4-2 Configuration Command Modes 4-9 Command Line Processing 4-10 Command Groups 4-11 Line Commands 4-12 line login 4-13 password 4-14 exec-timeout 4-15 password-thresh silent-time 4-16 databits 4-17 parity speed 4-18 stopbits disconnect 4-19 show line 4-20 General Commands enable General Commands 4-21 disable configure 4-22 show history reload General Commands 4-23 end exit 4-24 System Management Commands 4-25 Device Designation Commands prompt hostname 4-26 User Access Commands username 4-27 enable password 4-28 IP Filter Commands management 4-29 show management 4-30 Web Server Commands ip http port ip http server 4-31 ip http secure-server 4-32 ip http secure-port 4-33 Telnet Server Commands ip telnet port ip telnet server 4-34 Secure Shell Commands 4-35 4-36 ip ssh server 4-37 ip ssh timeout ip ssh authentication-retries 4-38 ip ssh server-key size delete public-key 4-39 ip ssh crypto host-key generate ip ssh crypto zeroize 4-40 ip ssh save host-key show ip ssh 4-41 Example show ssh Table 4-16 show ssh - display description 4-42 show public-key 4-43 Event Logging Commands logging on 4-44 logging history 4-45 logging host logging facility 4-46 logging trap clear logging 4-47 show logging 4-48 The following example displays settings for the trap function. Related Commands show logging sendmail (4-51) SMTP Alert Commands Table 4-20 show logging trap - display description Table 4-21 SMTP Alert Commands 4-49 logging sendmail host logging sendmail level 4-50 logging sendmail source-email logging sendmail destination-email 4-51 logging sendmail show logging sendmail 4-52 Time Commands sntp client 4-53 sntp server 4-54 sntp poll show sntp 4-55 clock timezone calendar set 4-56 show calendar 4-57 System Status Commands show startup-config 4-58 show running-config 4-59 4-60 show system 4-61 show users show version 4-62 Frame Size Commands jumbo frame 4-63 Flash/File Commands copy 4-64 4-65 delete 4-66 dir 4-67 whichboot boot system 4-68 Authentication Commands 4-69 Authentication Sequence authentication login 4-70 authentication enable 4-71 RADIUS Client radius-server host radius-server port 4-72 radius-server key radius-server retransmit 4-73 radius-server timeout show radius-server 4-74 TACACS+ Client tacacs-server host tacacs-server port 4-75 tacacs-server key show tacacs-server 4-76 Port Security Commands port security 4-77 4-78 802.1X Port Authentication dot1x system-auth-control 4-79 authentication dot1x default dot1x default dot1x max-req 4-80 dot1x port-control 4-81 dot1x operation-mode 4-82 dot1x re-authenticate dot1x re-authentication dot1x timeout quiet-period 4-83 dot1x timeout re-authperiod dot1x timeout tx-period 4-84 show dot1x 4-85 4-86 Access Control List Commands IP ACLs 4-87 4-88 access-list ip 4-89 permit, deny (Standard ACL) 4-90 permit, deny (Extended ACL) 4-91 4-92 show ip access-list access-list ip mask-precedence 4-93 mask (IP ACL) 4-94 4-95 4-96 show access-list ip mask-precedence 4-97 ip access-group show ip access-group 4-98 map access-list ip 4-99 show map access-list ip match access-list ip 4-100 show marking 4-101 MAC ACLs access-list mac 4-102 permit, deny (MAC ACL) 4-103 show mac access-list 4-104 access-list mac mask-precedence 4-105 mask (MAC ACL) 4-106 This example creates an Egress MAC ACL. 4-107 show access-list mac mask-precedence mac access-group 4-108 show mac access-group map access-list mac 4-109 show map access-list mac 4-110 match access-list mac 4-111 ACL Information show access-list show access-group 4-112 SNMP Commands snmp-server community SNMP Commands 4-113 snmp-server contact snmp-server location 4-114 snmp-server host SNMP Commands 4-115 snmp-server enable traps show snmp 4-116 4-117 DNS Commands ip host 4-118 clear host ip domain-name 4-119 ip domain-list 4-120 ip name-server 4-121 ip domain-lookup 4-122 show hosts 4-123 show dns show dns cache Page 4-125 Interface Commands interface 4-126 description speed-duplex 4-127 negotiation 4-128 capabilities 4-129 flowcontrol 4-130 combo-forced-mode shutdown 4-131 switchport broadcast packet-rate 4-132 clear counters 4-133 show interfaces status 4-134 show interfaces counters 4-135 show interfaces switchport 4-136 Mirror Port Commands port monitor Mirror Port Commands 4-137 show port monitor 4-138 Rate Limit Commands rate-limit 4-139 Link Aggregation Commands 4-140 channel-group 4-141 lacp 4-142 lacp system-priority 4-143 lacp admin-key (Ethernet Interface) 4-144 lacp admin-key (Port Channel) lacp port-priority 4-145 show lacp 4-146 Table 4-47 show lacp counters - display description 4-147 Table 4-48 show lacp internal - display description 4-148 Table 4-49 show lacp neighbors - display description Address Table Commands 4-149 Address Table Commands Table 4-50 show lacp sysid - display description Table 4-51 Address Table Commands 4-150 mac-address-table static Address Table Commands 4-151 clear mac-address-table dynamic show mac-address-table 4-152 mac-address-table aging-time show mac-address-table aging-time 4-153 Spanning Tree Commands 4-154 spanning-tree spanning-tree mode 4-155 spanning-tree forward-time 4-156 spanning-tree hello-time 4-157 spanning-tree max-age spanning-tree priority 4-158 spanning-tree pathcost method 4-159 spanning-tree transmission-limit spanning-tree mst configuration 4-160 mst vlan 4-161 mst priority name 4-162 revision 4-163 max-hops spanning-tree spanning-disabled 4-164 spanning-tree cost spanning-tree port-priority 4-165 spanning-tree edge-port 4-166 spanning-tree portfast 4-167 spanning-tree link-type spanning-tree mst cost 4-168 spanning-tree mst port-priority 4-169 spanning-tree protocol-migration 4-170 show spanning-tree 4-171 show spanning-tree mst configuration 4-172 VLAN Commands Editing VLAN Groups vlan database 4-173 vlan 4-174 Configuring VLAN Interfaces interface vlan 4-175 switchport mode 4-176 switchport acceptable-frame-types switchport ingress-filtering 4-177 switchport native vlan 4-178 switchport allowed vlan 4-179 switchport forbidden vlan 4-180 Displaying VLAN Information show vlan 4-181 Configuring Private VLANs pvlan 4-182 show pvlan Configuring Protocol-based VLANs 4-183 protocol-vlan protocol-group (Configuring Groups) protocol-vlan protocol-group (Configuring Interfaces) 4-184 show protocol-vlan protocol-group 4-185 show interfaces protocol-vlan protocol-group 4-186 GVRP and Bridge Extension Commands bridge-ext gvrp GVRP and Bridge Extension Commands 4-187 show bridge-ext switchport gvrp 4-188 show gvrp configuration garp timer GVRP and Bridge Extension Commands 4-189 show garp timer 4-190 Priority Commands Priority Commands (Layer 2) 4-191 queue mode 4-192 switchport priority default 4-193 queue bandwidth queue cos-map 4-194 show queue mode 4-195 show queue bandwidth show queue cos-map 4-196 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) 4-197 map ip port (Interface Configuration) map ip precedence (Global Configuration) 4-198 map ip precedence (Interface Configuration) 4-199 map ip dscp (Global Configuration) map ip dscp (Interface Configuration) 4-200 show map ip port 4-201 show map ip precedence 4-202 show map ip dscp 4-203 Multicast Filtering Commands 4-204 IGMP Snooping Commands ip igmp snooping ip igmp snooping vlan static 4-205 ip igmp snooping version show ip igmp snooping 4-206 show mac-address-table multicast 4-207 IGMP Query Commands (Layer 2) ip igmp snooping querier ip igmp snooping query-count 4-208 ip igmp snooping query-interval 4-209 ip igmp snooping query-max-response-time ip igmp snooping router-port-expire-time 4-210 Static Multicast Routing Commands ip igmp snooping vlan mrouter 4-211 show ip igmp snooping mrouter 4-212 IP Interface Commands ip address IP Interface Commands 4-213 ip dhcp restart 4-214 ip default-gateway show ip interface IP Interface Commands 4-215 show ip redirects ping 4-216 A-1 Appendix A: Software Specifications Software Features Software Specifications A-2 A Management Features Standards Management Information Bases A-3 A Management Information Bases Page B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface TableB-1 Troubleshooting Chart Troubleshooting B-2 B Using System Logs Glossary Page Page Page Page Page Index Index-1 Numerics A B Index-2 Index I J L Index-3 Index R S T U