Access Control Lists, Ingress Port | Planet Technology SGSW-24040R

User’s Manual of WGSW-24040 / WGSW-24040R

SGSW-24040 / SGSW-24040R

4.11 Access Control Lists

ACL is an acronym for Access Control List. It is the list table of ACEs, containing access control entries that specify individual users or groups permitted or denied to specific traffic objects, such as a process or a program.

Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.

ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situation. In networking, the ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted or denied to use the service. ACL can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.

ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID.

There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also contains many detailed, different parameter options that are available for individual application.

4.11.1 Access Control List Configuration

This page shows the Access Control List (ACL), which is made up of the ACEs defined for this Managed Switch. Each row describes the ACE that is defined.

The maximum number of ACEs is 128.

Click on the lowest plus sign to add a new ACE to the list.

The Access Control List Configuration screen in Figure 4-11-1appears.

Figure 4-11-1Access Control List Configuration page screenshot

The page includes the following fields:

ObjectDescription

• Ingress Port

Indicates the ingress port of the ACE. Possible values are:

•Any: The ACE will match any ingress port.

159

Image 159

Planet Technology SGSW-24040R, WGSW-24040R user manual Access Control Lists, Access Control List Configuration, Ingress Port

Contents

User’s Manual Weee Warning TrademarksDisclaimer FCC Warning CE Mark Warning Table of Conetnts 5.1 140 105118 132 187 159181 185 212 208 229 237244 251 257265 287 272277 282 297 290293 295 Product Description Packet Contents High Performance How to Use This Manual 24-Port 10/100/1000Base-T Gigabit Ethernet RJ-45 Product FeaturesHigh-performance 5GbE Stacking interface ¾ Layer 2 Features ¾ Physical Port ¾ Stacking ¾ Multicast¾ Security ¾ Management Hardware Specification Product Specification Traffic classification based, Strict priority and WRR Gigabit SFP slots Switch Front PanelHardware Description Gigabit TP interface Master LED Reset buttonAbout 1~3 second Stack ID LED Indications 1000Base-SX/LX SFP interfaces Shared Port-21~Port-24 Speed 1000MbpsOff To indicate that the SFP port is link down 5Rear panel of WGSW-24040 Switch Rear Panel AC Power Receptacle Stack portsCascade UP 9SGSW-24040 / SGSW-24040R Stack Ports DC Power Connector Desktop Installation Install the Switch Rack Mounting Supply power to the Managed Switch 13Plug-in the SFP transceiver Installing the SFP transceiver „ Approved Planet SFP Transceivers „ Connect the fiber cable„ Remove the transceiver module Page Power switch in the OFF position and the DC power is OFF Connecting DC Power Supply WGSW-24040R / SGSW-24040R SGSW-24040 / SGSW-24040R Stack Installation Management Stacking Connecting Stacking cable Stack ID Master LED 21Separated Stack connection This chapter covers the following topics Requirements Management Access Overview Administration ConsoleMethod Advantages Disadvantages „ 115200 bps „ 8 data bits „ No parity „ 1 stop bit Direct Access Web Management 4Web main screen of Managed Switch SNMP-Based Network Management ProtocolsVirtual Terminal Protocols Management Architecture Snmp Protocol About Web-based Management WEB Configuration Http//192.168.0.100 „ Logging on the switchPage RJ-45 Ports SFP Ports Stack Ports Main WEBPanel Display State Main Menu 5WGSW/SGSW Managed Switch Main Funcrions Menu System IP Configuration System Information Page IP Configuration Password User AuthenticationOld Password New Password Sntp Configuration Click System Web Firmware Upgrade WEB Firmware Upgrade Tftp Server IP Tftp Firmware UpgradeUpgrade button Click System -TFTP Firmware Upgrade 8TFTP Firmware upgrade pop-up message „ Configuration Download Configuration Save „ Configuration Upload Configuration UploadPage Factory Default System Reboot 18Set Start-up screenshot „ Example 1 Save Current Configuration setting 19Download system software screenshot „ Example 2 Downloading System Software from a Server „ Example 3 Downloading Configuration Settings from a Server „ Example 4 Saving or Restoring Configuration Settings Snmp Operations Snmp System ConfigurationSimple Network Management Protocol Snmp Overview Write Community ModeVersion Read Community System Name Snmp System Information ConfigurationSnmp Trap Configuration System Contact Trap Destination Trap ModeTrap Version Trap Community Group Name SNMPv3 ConfigurationSNMPv3 Accesses Configuration Delete Read View Name SNMPv3 Communities ConfigurationSecurity Model Security Level Security Name SNMPv3 Groups Configuration Protocol SNMPv3 Users ConfigurationAuthentication User Name View Name SNMPv3 Views ConfigurationPrivacy Password Privacy Protocol „ Example Add a new SNMPv3 user View TypeOID Subtree 9SNMPv3 Users-NEW page screenshot „ Example Add a new SNMPv3 Group 11SNMPv3 Groups-NEW page screenshot Port Management Port Configuration Flow Control Power ControlPort Link 2Port Statistics Overview page screenshot Port Statistics Overview Detailed Port Statistics Receive and Transmit Queue Counters Receive Error CountersReceive Total and Transmit Total Receive and Transmit Size Counters Port Mirroring Configuration Transmit Error CountersTx Drops Port to mirror to Mirror Port Configuration 6Port Mirror Configuration page screenshot „ Sgsw Stackable Switch 1Link Aggregation Link AggregationPage Destination MAC Static Aggregation ConfigurationStatic Aggregation Group Configuration Hash Code Contributors Locality Group IDPort Members Role Lacp ConfigurationLacp Enabled Key Lacp Port Status Lacp System Status Partner Port Lacp Discarded Lacp statisticsLacp Transmitted Lacp Received Vlan Overview Vlan Ieee 802.1Q Standard Ieee 802.1Q Vlan 802.1Q Vlan Tags Port Vlan ID Vlan Classification VLANs Vlan Learning ObjectDescription Vlan ModeVlan Basic Information Supported VLANs Understand nomenclature of the Switch Vlan Port Configuration Pvid This is the logical port number for this row Port Vlan ID In-Q ModeLink Type Ether type Vlan Membership Configuration „ Adding Static Members to VLANs Vlan IndexVlan ID „ Isolated ports Private Vlan ConfigurationOverview „ Promiscuous ports Pvlan Port Type IsolatedPromiscuous Bridge Protocol Data Units Rapid Spanning Tree Protocol Creating a Stable STP Topology STP Port StatesPort transitions from one state to another as follows Below ConfigurableExcept by setting priority STP Parameters STP Operation Levels Default Spanning-Tree Configuration Feature Default Value Maximum Age TimerForward Delay Timer Variable Description Default Value Port Priority Illustration of STP 110 Max Age Rstp System ConfigurationForward Delay System Priority Rstp Bridge Status Rstp Port Configuration Rstp EnabledPath Cost Priority EdgePoint2Point Port Type Link Type Ieee 802.1w-2001 Ethernet Rstp Port Status TCN Rstp Port StatisticsRstp STP Quality of Service Understand QOSQoS Terminology Frame.The following QCE types are supported QoS Control List ConfigurationQCL # QCE Type QoS Control Entry Configuration Type ValueTraffic Class Port QoS Configuration User Priority Default ClassQueuing Mode Queue Weighted QCL Configuration Wizard Set up Policy RulesApplication Rules Port in a QCL member, click the radio button Includes the folling fileds Object DescriptionQCL ID Frames that hit this QCE are set to match this specific QCL Set up Typical Network Application Rules Audio and VideoGames User Definition ButtonsSelect the QCL ID to which these QCEs apply Set up ToS Precedence Mapping Set up Vlan Tag Priority Mapping QoS Statistics Bandwidth Control Rate Storm Control ConfigurationFrame Type Status Multicast Igmp SnoopingAbout the Internet Group Management Protocol Igmp Snooping 133 Igmp Versions 1 0x170x12 „ Igmp Querier Idle Member Igmp Snooping Igmp Snooping ConfigurationFlooding enabled Enabled Igmp Querier Igmp Port Related Configuration Router PortFast Leave Igmp Snooping Status Object DescriptionVlan ID of the entry Multicast Address Table Ieee 802.1X Network Access Control Overview of 802.1X Port-Based AuthenticationOverview of MAC-Based Authentication „ Device Roles Understanding Ieee 802.1X Port-Based Authentication „ Authentication Initiation and Message Exchange „ Ports in Authorized and Unauthorized States 10-2EAP message exchange 10.2 802.1X System Configuration Radius IPRadius Secret Period ReauthenticationEnabled EAP Timeout 10.3 802.1X and MAC-Based Authentication Port Configuration Max Clients Port State Restart Last ID 10.4 802.1X Port StatusState Last Source 10-6802.1X Statistics Port 1 page screenshot 10.5 802.1X and MAC-Based Authentication Statistics Direction Name Ieee Name Description Eapol Counters Port- and MAC-based Radius Counters Direction Name Ieee NameDescription Port-based MAC-based MAC-based „ Last Supplicant/Client Info Windows Platform Radius Server Configuration 155 „ Configure Sample EAP-MD5 Authentication 10.7 802.1X Client Configuration 157 158 Access Control Lists Access Control List ConfigurationIngress Port Logging ActionRate Limiter Port Copy Switch ACE Configuration Dmac Filter „ MAC Parameters„ Vlan Parameters Smac Filter ARP/ Rarp „ ARP Parameters IP Protocol Filter „ IP ParametersIP/Ethernet Length Ethernet IP TTL „ TCP/UDP Parameters „ Icmp Parameters TCP ACK TCP FINTCP SYN TCP PSH ACL Configuration wizard „ Ethernet Type ParametersEtherType Filter 11-3Set up Policy Rules page screenshot Policy 5 for guest ports Internet access only Policy ID Set up Port Policies Ethernet Type Common ServersInstant Messaging MSN Messenger Google Talk Yahoo Messenger NetBIOS Ping Request Ping Reply OthersSnmp Traps 173 Set up Source MAC and Source IP Binding Binding EnabledSource IP Address UDP DoS Fraggle Set up DoS Attack Detection Rules Icmp DoS Smurf Death Deny Switch nPort n Policy n 512K ACL Rate Limiter ConfigurationRate Limiter ID 16K 32K 64K 128K ACL Ports Configuration 180 Address Table MAC Address Table ConfigurationAging Configuration Range 10-10000000 seconds Default 300 seconds Static MAC Table Configuration MAC Table Columns MAC Address Table StatusDynamic MAC Table Navigating the MAC Table 184 Secure DisableMAC Table Learning Auto 186 Link Layer Discovery Protocol Lldp Lldp Configuration „ Lldp ParametersTx Interval Tx Reinit „ 4.14.2.2 Lldp Port ConfigurationTx Delay Tx Hold Sys Capa Port DescrSys Name Sys Descr Lldp Neighbor „ Global Counters Lldp Statistics Local Counters Cable Diagnostics Network DiagnasticsCable Status Ping Destination IP AddressPing Size „ Ring topology „ Chain topology same as a disconnected ring Stacking SGSW-24040 / SGSW-24040R 197 „ Replacing a Switch Switch IDs„ Assigning and Swapping Switch IDs „ Removing a Switch From the Stack „ General Switch ID Assignment Rules Master ElectionStack Redundancy Utilize all stack links in the ring Shortest Path Forwarding Stack Configuration „ Stack List Master SwitchStack Information „ Stack Topology „ Master Forwarding Table 16-10Port State Overview page screenshot Stack Port State Ovewview Stack Example „ Identify the Master Switch 206 207 Logon to the Console Accessing the CLI „ Configure IP address Configure IP address Subnet Mask Gateway Switch/ ip setup 192.168.1.100 255.255.255.0 Telnet login Syntax System CommandCommand Groups System Configuration System Reboot System Restore DefaultExample Default Setting System NameSystem Prompt System Sntp System Password System Firmware Load System Timezone 217 IP Configuration SyntaxParameters IP Ping IP Setup 220 Port Management Command Port ConfigurationPort State Port Flow Control Port Mode Port Maximum Frame Port Excessive Port Power Port VeriPHY Port Statistics Port Numbers Mirror Configuration Mirror PortMirror SID Mirror Mode Parameters portlist Port list Link Aggregation CommandAggregation Configuration Aggregation Add Aggregation Lookup Aggregation Delete Aggregation Mode Lacp Configuration Lacp Key Lacp Mode Lacp Status Lacp Role Lacp Statistics 236 Vlan Configuration Command Vlan ConfigurationVlan Mode Vlan Frame Type AllTagged Allow tagged frames only Vlan Link Type Vlan Ingress Filter Vlan Q-in-Q Mode Vlan Ethernet TypeMan Set out layer Vlan tag ether type MAN Vlan Delete Vlan Add Vlan Lookup Pvlan Isolate Pvlan Configuration Spanning Tree Protocol Command Rstp ConfigurationRstp SysPrio Rstp Age Rstp Delay Rstp Mode Normal Rstp Default SettingRstp Version Rstp Priority Rstp Cost Rstp P2P Rstp Edge Rstp Status Rstp mCheck Rstp Statistics Multicast Configuration Command Igmp ConfigurationIgmp Mode Igmp State Igmp Fast Leave Igmp Querier Igmp Router Igmp Flooding Igmp GroupsIgmp Status 256 QoS Classes Quality of Service CommandQoS Configuration QoS Default QoS QCL Port QoS Tag Priority Qceid Qclid QCL ID Default SettingQoS QCL Add Parameters Qclid QoS QCL Lookup QoS QCL Delete QoS Mode QoS WeightQoS Rate Limiter QoS Shaper QoS Multicast QoS Unicast QoS Broadcast 802.1x Port Access Control Command Dot1x ConfigurationDotx1 Mode Dot1x Server Dot1x Status Dot1x Secret Dot1x Authenticate Dot1x Period Dot1x Re-authentication Dot1x Statistics Dot1x Timeout Dot1x Clients Dot1x AgetimeParameters Portlist Dot1x Holdtime Access Control List Command ACL ConfigurationACL Action ACL Rate ACL Policy ACL Add ACL Delete ACL Lookup MAC Address Table Command MAC ConfigurationMac Add MAC Lookup MAC Delete MAC Learning MAC Age Time MAC Statistics MAC Dump MAC Flash Lldp Command Lldp ConfigurationLldp Mode Lldp Interval Lldp Optional TLV Lldp Hold Lldp Delay Lldp Information Lldp Reinit Lldp Statistics Stack Management Command Stack ListStack Master Reelect Stack Select Stack SID SwapStack SID Delect Stack SID Asign Learning Forwarding & FilteringStore-and-Forward If attached device is 100Base-TX port will set to Auto-Negotiation 292 Switch does not power up Solution Link LED is not lit SolutionPerformance is bad Solution Why the Switch doesnt connect to the network Solution „ While IP Address be changed or forgotten admin password Stacking not functioning Solution Switchs RJ-45 Pin Assignments RJ-45 Connector pin assignment Contact10/100Mbps, 10/100Base-TX Straight Cable = Brown Straight Cable= Brown ARP ACEACL Aggregation DoS DESDhcp DNS Http DscpEthernet Type FTP Imap IcmpIeee Igmp Ipmc LldpMAC Table NFS NetBIOSMD5 Mirroring Private Vlan PingPolicer POP3 Samba QCLQoS Rarp Sntp SHASmtp Snmp ToS TCPTelnet Tftp UDP 308