Manuals / Brands / Computer Equipment / Switch / SMC Networks / Computer Equipment / Switch

SMC Networks 100BASE-TX, 16 10BASE-T 3-55, Configuring a Standard IP ACL

1 384

Download 384 pages, 5.44 Mb

Access Control Lists

3-55

3

Configuring a Standard IP ACL

Command Attributes

•Action – An ACL can contain all permit rules or all deny rules. (Default: Permit)

•Address Type – Specifies the source IP address. Use “An y” to include all possible

addresses, “Host” to specify a specific host address in the Addr ess field, or “IP” to

specify a range of addresses with the Address and SubMask fields.

(Options: Any, Host, IP; Default: Any)

•IP Address – Source IP address.

•Subnet Mask – A subnet mask containing four integers from 0 to 255, each

separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to

indicate “ignore.” The mask is bitwise ANDed with the specified source IP address,

and compared with the address for each IP packet entering the port(s) to which thi s

ACL has been assigned.

Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host,

or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet

address and the mask for an address range. Then click Add.

Figure 3-34. Configuring Standard ACLs

CLI – This example configures one permit rule for the specific address 10.1.1.21

and another rule for the address range 168.92.16.x – 168.92.31.x using a bi tmask.

Console(config-std-acl)#permit host 10.1.1.21 4-87

Console(config-std-acl)#permit 168.92.16.0 255.255.240.0

Console(config-std-acl)#

Contents

Main TigerSwitch 10/100 16-Port Fast Ethernet Switch Management Guide Page Page Page L W IMITED i ARRANTY ii Contents Page Page Page Page Page Page Page Page Page Tables Page Figures Page 1-1 Chapter 1: Introduction Key Features Table1-1. Key Features 1-2 Description of Software Features Description of Software Features 1-3 1-4 System Defaults 1-5 System Defaults 1-6 Table1-2. System Defaults (Continued) System Defaults 1-7 Table1-2. System Defaults (Continued) Page 2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options 2-2 Required Connections 2-3 Remote Connections Basic Configuration Console Connection 2-4 Setting Passwords Setting an IP Address Manual Configuration 2-5 Dynamic Configuration 2-6 Enabling SNMP Management Access Community Strings 2-7 Trap Receivers Saving Configuration Settings 2-8 Managing System Files 3-1 Chapter 3: Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Page Panel Display 3-3 Configuration Options Panel Display 3-4 Main Menu Main Menu 3-5 3-6 Main Menu 3-7 3-8 Basic Configuration Displaying System Information 3-9 Displaying Switch Hardware/Software Versions 3-10 3-11 Displaying Bridge Extension Capabilities 3-12 Setting the Switchs IP Address Page 3-14 Using DHCP/BOOTP 3-15 Managing Firmware Page 3-17 Saving or Restoring Configuration Settings 3-18 Downloading Configuration Settings from a Server 3-19 Console Port Settings 3-20 3-21 Telnet Settings 3-22 3-23 Configuring Event Logging System Log Configuration 3-24 3-25 Remote Logs Configuration 3-26 Displaying Log Messages 3-27 Resetting the System Setting the System Clock 3-28 Configuring SNTP Simple Network Management Protocol 3-29 Setting the Time Zone Simple Network Management Protocol 3-30 Setting Community Access Strings Simple Network Management Protocol 3-31 Specifying Trap Managers and Trap Types 3-32 User Authentication Configuring User Accounts Page 3-34 Configuring Local/Remote Logon Authentication 3-35 3-36 3-37 Configuring HTTPS 3-38 Replacing the Default Secure-site Certificate 3-39 Configuring the Secure Shell 3-40 3-41 Generating the Host Key Pair 3-42 3-43 Configuring the SSH Server 3-44 Configuring Port Security 3-45 3-46 Configuring 802.1x Port Authentication 3-47 Displaying 802.1x Global Settings 3-48 Configuring 802.1x Global Settings Configuring Port Settings for 802.1x 3-49 3-50 3-51 Displaying 802.1x Statistics 3-52 3-53 Access Control Lists Configuring Access Control Lists 3-54 Setting the ACL Name and Type 3-55 Configuring a Standard IP ACL 3-56 Configuring an Extended IP ACL 3-57 3-58 Configuring a MAC ACL 3-59 Binding a Port to an Access Control List 3-60 Filtering Addresses for Management Access Filtering Addresses for Management Access 3-61 3-62 Port Configuration Displaying Connection Status 3-63 3-64 Configuring Interface Connections 3-65 3-66 Creating Trunk Groups 3-67 Statically Configuring a Trunk } active links statically configured 3-68 Enabling LACP on Selected Ports } } 3-69 3-70 Configuring LACP Parameters Page 3-72 3-73 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Figure 3-44. Displaying LACP Port Counters CLI The following example displays LACP counters. Table 3-6. LACP Statistics 3-74 Displaying LACP Settings and Status for the Local Side 3-75 3-76 Displaying LACP Settings and Status for the Remote Side 3-77 Setting Broadcast Storm Thresholds 3-78 3-79 Configuring Port Mirroring 3-80 Configuring Rate Limits Rate Limit Granularity 3-81 Rate Limit Configuration 3-82 Showing Port Statistics 3-83 Table 3-9. Port Statistics (Continued) 3-84 Table 3-9. Port Statistics (Continued) Page 3-86 Address Table Settings Setting Static Addresses Address Table Settings 3-87 Displaying the Address Table Page 3-89 Changing the Aging Time Spanning Tree Algorithm Configuration 3-90 Displaying Global Settings x x 3-91 3-92 3-93 Configuring Global Settings 3-94 3-95 3-96 Displaying Interface Settings x x 3-97 3-98 3-99 Configuring Interface Settings 3-100 3-101 VLAN Configuration IEEE 802.1Q VLANs Assigning Ports to VLANs 3-102 3-103 Forwarding Tagged/Untagged Frames 3-104 Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Informati on 3-105 Displaying Current VLANs 3-106 3-107 Creating VLANs 3-108 Adding Static Members to VLANs (VLAN Index) 3-109 3-110 Adding Static Members to VLANs (Port Index) 3-111 Configuring VLAN Behavior for Interfaces 3-112 3-113 Private VLANs x Page 3-115 Configuring Private VLANs 3-116 Associating Community VLANs 3-117 Displaying Private VLAN Interface Information 3-118 Configuring Private VLAN Interfaces 3-119 3-120 Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces 3-121 3-122 Mapping CoS Values to Egress Queues 3-123 Selecting the Queue Mode 3-124 Setting the Service Weight for Traffic Classes 3-125 3-126 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority 3-127 Mapping IP Precedence 3-128 Mapping DSCP Priority 3-129 3-130 Mapping IP Port Priority 3-131 Mapping CoS Values to ACLs 3-132 Multicast Filtering 3-133 Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters 3-134 3-135 Displaying Interfaces Attached to a Multicast Router 3-136 Specifying Static Interfaces for a Multicast Router 3-137 Displaying Port Members of Multicast Services 3-138 Assigning Ports to Multicast Services Page Page 4-1 Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection 4-2 4-3 Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands The command show interfaces ? will display the following information: 4-5 Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes 4-6 Exec Commands Configuration Commands 4-7 4-8 Command Line Processing Command Groups 4-9 Command Groups The system commands can be broken down into the fun ctional groups shown below Table4-4. Co mmand Groups 4-10 Line Commands line 4-11 login 4-12 password 4-13 timeout login response exec-timeout 4-14 password-thresh 4-15 silent-time databits 4-16 parity 4-17 speed stopbits 4-18 disconnect show line 4-19 General Commands enable 4-20 disable 4-21 configure show history 4-22 reload end 4-23 exit quit 4-24 System Management Commands Device Designation Commands prompt 4-25 hostname User Access Commands 4-26 username 4-27 enable password 4-28 IP Filter Commands management 4-29 show management 4-30 Web Server Commands ip http port ip http server 4-31 ip http secure-server 4-32 ip http secure-port 4-33 Telnet Server Commands ip telnet port ip telnet server 4-34 Secure Shell Commands 4-35 4-36 ip ssh server 4-37 ip ssh timeout ip ssh authentication-retries 4-38 ip ssh server-key size delete public-key 4-39 ip ssh crypto host-key generate ip ssh crypto zeroize 4-40 ip ssh save host-key show ip ssh 4-41 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Table4-16. show ssh - display description 4-42 show public-key 4-43 Event Logging Commands logging on 4-44 logging history 4-45 logging host logging facility 4-46 logging trap clear logging 4-47 show log 4-48 show logging 4-49 The following example displays settings for the trap function. Time Commands Table4-20. sho w logging trap - display description Table4-21. Time Commands 4-50 sntp client 4-51 sntp server sntp poll 4-52 show sntp clock timezone 4-53 calendar set show calendar 4-54 System Status Commands light unit 4-55 show startup-config 4-56 show running-config 4-57 Example Related Commands show startup-config (4-55) 4-58 show system show users 4-59 show version 4-60 Frame Size Commands jumbo frame 4-61 Flash/File Commands copy 4-62 4-63 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: 4-64 delete dir 4-65 whichboot 4-66 boot system 4-67 Authentication Commands Authentication Sequence authentication login 4-68 authentication enable 4-69 RADIUS Client radius-server host 4-70 radius-server port 4-71 radius-server key radius-server retransmit 4-72 radius-server timeout show radius-server 4-73 TACACS+ Client tacacs-server host tacacs-server port 4-74 tacacs-server key show tacacs-server 4-75 Port Security Commands port security 4-76 4-77 802.1x Port Authentication dot1x system-auth-control 4-78 dot1x default dot1x max-req 4-79 dot1x port-control dot1x operation-mode 4-80 dot1x re-authenticate dot1x re-authentication 4-81 dot1x timeout quiet-period dot1x timeout re-authperiod 4-82 dot1x timeout tx-period show dot1x 4-83 4-84 4-85 Access Control List Commands 4-86 IP ACLs access-list ip 4-87 permit, deny (Standard ACL) 4-88 permit, deny (Extended ACL) 4-89 4-90 show ip access-list ip access-group 4-91 show ip access-group map access-list ip 4-92 show map access-list ip 4-93 MAC ACLs access-list mac 4-94 permit, deny (MAC ACL) 4-95 show mac access-list mac access-group 4-96 show mac access-group map access-list mac 4-97 show map access-list mac 4-98 ACL Information show access-list show access-group 4-99 SNMP Commands snmp-server community 4-100 snmp-server contact snmp-server location 4-101 snmp-server host 4-102 snmp-server enable traps show snmp 4-103 4-104 Interface Commands interface 4-105 description speed-duplex 4-106 negotiation 4-107 capabilities 4-108 flowcontrol 4-109 shutdown 4-110 switchport broadcast packet-rate clear counters 4-111 show interfaces status 4-112 show interfaces counters 4-113 show interfaces switchport 4-114 Example This example shows the configuration setting for port 16. Table4-40. Inte rfaces Switchport Statistics Mirror Port Commands 4-115 Mirror Port Commands port monitor 4-116 show port monitor Rate Limit Commands 4-117 Rate Limit Commands rate-limit 4-118 rate-limit granularity show rate-limit 4-119 Link Aggregation Commands 4-120 channel-group 4-121 lacp 4-122 lacp system-priority 4-123 lacp admin-key (Ethernet Interface) 4-124 lacp admin-key (Port Channel) 4-125 lacp port-priority show lacp 4-126 4-127 Table4-45. show lacp internal - display description 4-128 Table4-46. sho w lacp neighbors - display description Address Table Commands 4-129 Address Table Commands Table4-47. sh ow lacp sysid - display description Table4-48. Addr ess Table Commands 4-130 mac-address-table static Address Table Commands 4-131 clear mac-address-table dynamic show mac-address-table 4-132 mac-address-table aging-time show mac-address-table aging-time 4-133 Spanning Tree Commands spanning-tree 4-134 spanning-tree mode 4-135 spanning-tree forward-time spanning-tree hello-time 4-136 spanning-tree max-age 4-137 spanning-tree priority spanning-tree pathcost method 4-138 spanning-tree transmission-limit spanning-tree cost 4-139 spanning-tree port-priority 4-140 spanning-tree edge-port 4-141 spanning-tree portfast spanning-tree link-type 4-142 spanning-tree protocol-migration 4-143 show spanning-tree 4-144 4-145 VLAN Commands Editing VLAN Groups vlan database 4-146 vlan 4-147 Configuring VLAN Interfaces interface vlan 4-148 switchport mode switchport acceptable-frame-types 4-149 switchport ingress-filtering 4-150 switchport native vlan 4-151 switchport allowed vlan 4-152 switchport forbidden vlan 4-153 Displaying VLAN Information show vlan 4-154 Configuring Private VLANs 4-155 private-vlan 4-156 private vlan association switchport mode private-vlan 4-157 switchport private-vlan host-association 4-158 switchport private-vlan ma pping show vlan private-vlan GVRP and Bridge Extension Commands 4-159 GVRP and Bridge Extension Commands bridge-ext gvrp 4-160 show bridge-ext switchport gvrp GVRP and Bridge Extension Commands 4-161 show gvrp configuration garp timer 4-162 show garp timer 4-163 Priority Commands Priority Commands (Layer 2) 4-164 queue mode queue bandwidth 4-165 switchport priority default 4-166 queue cos-map 4-167 show queue mode show queue bandwidth 4-168 show queue cos-map 4-169 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) 4-170 map ip port (Interface Configuration) map ip precedence (Global Configuration) 4-171 map ip precedence (Interface Configuration) 4-172 map ip dscp (Global Configuration) map ip dscp (Interface Configuration) 4-173 show map ip port 4-174 show map ip precedence 4-175 show map ip dscp 4-176 Multicast Filtering Commands IGMP Snooping Commands 4-177 ip igmp snooping ip igmp snooping vlan static 4-178 ip igmp snooping version show ip igmp snooping 4-179 show mac-address-table multicast 4-180 IGMP Query Commands (Layer 2) ip igmp snooping querier ip igmp snooping query-count 4-181 ip igmp snooping query-interval 4-182 ip igmp snooping query-max-response-time ip igmp snooping router-port-expire-time 4-183 Static Multicast Routing Commands ip igmp snooping vlan mrouter 4-184 show ip igmp snooping mrouter 4-185 IP Interface Commands ip address 4-186 ip dhcp restart 4-187 ip default-gateway show ip interface 4-188 show ip redirects ping 4-189 Page A-1 Appendix A: Software Specifications Software Features Software Specifications A-2 A Management Features Standards Management Information Bases A-3 A Management Information Bases Page B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface TableB-1. Troubleshooting Chart Troubleshooting B-2 B Using System Logs Glossary Page Page Page Page Page Index Index-1 Numerics A B Index-2 Index J L M Index-3 Index R S T U