SMC Networks SMC8624/48T , S, 3-74

C

ONFIGURING

THE

S

WITCH

3-74

Configuring a MAC ACL Mask

This mask defines the fields to check in the packet header.

Command Usage

You must configure a mask for an ACL rule before you can bind it to a

port.

Command Attributes

•Source/Destination MAC – Use “Any” to match any address,

“Host” to specify the host address for a single node, or “MAC” to

specify a range of addresses. (Options: Any, Host, MAC; Default: Any)

•Source/Destination MAC Bitmask – Address of rule must match

this bitmask.

•VID Bitmask – VLAN ID of rule must match this bitmask.

•Ethernet Type Bitmask – Ethernet type of rule must match this

bitmask.

•Packet Format Bitmask – A packet format must be specified in the

rule.

Console(config)#access-list ip standard A2 3-118

Console(config-std-acl)#permit 10.1.1.0 255.255.255.0 3-119

Console(config-std-acl)#deny 10.1.1.1 255.255.255.255

Console(config-std-acl)#exit

Console(config)#access-list ip mask-precedence in 3-123

Console(config-ip-mask-acl)#mask host any 3-125

Console(config-ip-mask-acl)#mask 255.255.255.0 any

Console(config-ip-mask-acl)#

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Management Guide Page Page Page L W IMITED ARRANTY W IMITED ARRANTY ii iii ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1 2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1 iv v vi 4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 4-1 vii viii ix x xi xii xiii xiv xv A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . A-1 B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1 Glossary Index T xvi ABLES xvii F xviii IGURES xix xx 1-1 NTRODUCTION Key Features 1-2 Description of Software Features F S 1-3 1-4 F S 1-5 1-6 D 1-7 System Defaults 1-8 D 1-9 Page NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 Required Connections S 2-3 C 2-4 Remote Connections Basic Configuration Console Connection C 2-5 Setting Passwords C 2-6 Setting an IP Address Manual Configuration C 2-7 Dynamic Configuration C 2-8 C 2-9 Enabling SNMP Management Access Community Strings C 2-10 C 2-11 Trap Receivers Saving Configuration Settings C Managing System Files Page Page ONFIGURING THE 3-1 WITCH Using the Web Interface Page Navigating the Web Browser Interface S 3-4 Configuration Options Panel Display I B W 3-5 S 3-6 I B W 3-7 S 3-8 I B W 3-9 S 3-10 I B W 3-11 Basic Configuration C 3-13 S 3-14 Displaying Switch Hardware/Software Versions C ASIC 3-15 Web Click System, Switch Information. Figure 3-4. Switch Information CLI Use the following command to display version information. S 3-16 Displaying Bridge Extension Capabilities C 3-17 Setting the Switchs IP Address S 3-18 Page Page C 3-21 S 3-22 Managing Firmware Downloading System Software from a Server Page S 3-24 Saving or Restoring Configuration Settings C 3-25 Downloading Configuration Settings from a Server S 3-26 Resetting the System C 3-27 Setting the System Clock Configuring SNTP S 3-28 C 3-29 Setting the Time Zone S Simple Network Management Protocol Setting Community Access Strings Page S 3-32 A 3-33 User Authentication Configuring the Logon Password S 3-34 Configuring Local/Remote Logon Authentication A 3-35 S 3-36 A 3-37 S 3-38 Configuring HTTPS A 3-39 S 3-40 Replacing the Default Secure-site Certificate A 3-41 Configuring the Secure Shell S 3-42 A 3-43 Generating the Host Key Pair S 3-44 Page S 3-46 Configuring the SSH Server Page S 3-48 Configuring Port Security A 3-49 Page A 3-51 Configuring 802.1x Port Authentication S 3-52 Displaying 802.1x Global Settings A 3-53 S 3-54 A 3-55 Configuring 802.1x Global Settings S 3-56 Configuring Port Authorization Mode A 3-57 S Statistical Values 3-58 Displaying 802.1x Statistics Page S 3-60 Access Control Lists Configuring Access Control Lists C L 3-61 Setting the ACL Name and Type S 3-62 C L 3-63 Configuring a Standard IP ACL S 3-64 Configuring an Extended IP ACL C L 3-65 Page C L 3-67 Configuring a MAC ACL Page Page Page C L 3-71 Configuring an IP ACL Mask Page Page S 3-74 Configuring a MAC ACL Mask Page S 3-76 Binding a Port to an Access Control List Page S 3-78 Filtering Management Access Page S 3-80 Port Configuration Displaying Connection Status Field Attributes (Web) C 3-81 Field Attributes (CLI) Basic information: Configuration: S 3-82 Current status: C ORT 3-83 CLI This example shows the connection status for Port 5. S 3-84 Configuring Interface Connections C 3-85 S 3-86 Creating Trunk Groups C 3-87 } S 3-88 Statically Configuring a Trunk C } ORT 3-89 Enabling LACP on Selected Ports } Page C 3-91 Configuring LACP Parameters Dynamically Creating a Port Channel S 3-92 Page S Counter Information 3-94 Displaying LACP Port Counters C 3-95 Figure 3-41. Displaying LACP Port Counters Information Table 3-5. LACP Port Counter Information S Internal Configuration Information 3-96 CLI The following example displays LACP counters for port channel 1. C 3-97 Table 3-6. LACP Settings S 3-98 C 3-99 Displaying LACP Settings and Status for the Remote Side Neighbor Configuration Information Table 3-7. LACP Remote Side Settings S 3-100 Page S 3-102 C 3-103 Configuring Port Mirroring Page C 3-105 S 3-106 Showing Port Statistics Statistical Values C 3-107 S 3-108 C 3-109 S 3-110 Figure 3-47. Displaying Port Statistics Page S 3-112 Address Table Settings Setting Static Addresses Page Page Page S 3-116 Spanning Tree Algorithm Configuration Page S 3-118 T C A 3-119 Page T C A 3-121 Configuring Global Settings S 3-122 T C A 3-123 S 3-124 Page S 3-126 Displaying Interface Settings T C A 3-127 x S x 3-128 T C A 3-129 S 3-130 Configuring Interface Settings T C A 3-131 S 3-132 Page S 3-134 Page S 3-136 CLI This displays STA settings for instance 1, followed by settings for each port. Page S 3-138 T C A 3-139 Configuring Interface Settings for MSTP S 3-140 3-141 VLAN Configuration Overview S 3-142 Assigning Ports to VLANs 3-143 S 3-144 3-145 Forwarding Tagged/Untagged Frames Page 3-147 Displaying Current VLANs Command Attributes (Web) Page 3-149 Creating VLANs S 3-150 3-151 Adding Static Members to VLANs (VLAN Index) S 3-152 3-153 Adding Static Members to VLANs (Port Index) Page 3-155 S 3-156 3-157 x S 3-158 Configuring Private VLANs Enabling Private VLANs 3-159 Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs S 3-160 Configuring Protocol Groups 3-161 Mapping Protocols to VLANs S 3-162 C Class of Service Configuration Setting the Default Priority for Interfaces S 3-164 C S 3-165 Mapping CoS Values to Egress Queues S 3-166 Page Page C S 3-169 Mapping Layer 3/4 Priorities to CoS Values Page Page S 3-172 C S 3-173 Mapping DSCP Priority S 3-174 Page S 3-176 Page Page C S 3-179 Page F 3-181 Multicast Filtering S 3-182 Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters F 3-183 S 3-184 F 3-185 Displaying Interfaces Attached to a Multicast Router S 3-186 Specifying Static Interfaces for a Multicast Router F 3-187 Displaying Port Members of Multicast Services S 3-188 Assigning Ports to Multicast Services F 3-189 S 3-190 Configuring Domain Name Service Configuring General DNS Server Parameters D S N 3-191 Page D S N 3-193 Configuring Static DNS Host to Address Entries Page Page S 3-196 Web Select DNS, Cache. Page L I 4-2 Telnet Connection Page Entering Commands Page L I 4-6 Showing Commands Page L I 4-8 Understanding Command Modes Exec Commands C 4-9 Configuration Commands L I 4-10 C 4-11 Command Line Processing L I Command Groups The system commands can be broken down into the functional groups shown below Table 4-4. Command Group Index Table 4-3. G 4-13 Table 4-4. Command Group Index L I Line Commands C 4-15 line L I 4-16 login C 4-17 password L I 4-18 exec-timeout C 4-19 password-thresh Page C 4-21 databits Page C 4-23 speed Page C 4-25 show line L I General Commands enable C 4-27 disable Page C 4-29 reload L I 4-30 end Page L I 4-32 This example shows how to quit a CLI session: System Management Commands Table 4-7. System Mangement Commands M C 4-33 Device Designation Commands prompt L I 4-34 hostname User Access Commands M C 4-35 username L I 4-36 enable password M C IP Filter Commands 4-37 L I 4-38 management M C 4-39 show management L I Web Server Commands 4-40 Table 4-11. Web Server Command M C 4-41 ip http port ip http server L I 4-42 ip http secure-server M C 4-43 L I 4-44 ip http secure-port M C 4-45 Secure Shell Commands L I 4-46 M C 4-47 L I 4-48 ip ssh server M C 4-49 ip ssh timeout L I 4-50 ip ssh authentication-retries M C 4-51 ip ssh server-key size delete public-key L I 4-52 ip ssh crypto host-key generate M C 4-53 ip ssh crypto zeroize L I 4-54 ip ssh save host-key show ip ssh M C 4-55 show ssh Use this command to display the current SSH server connections. Command Mode L I 4-56 show public-key Table 4-13. SSH Information M C 4-57 L I 4-58 Event Logging Commands logging on M C 4-59 logging history L I 4-60 logging host M C 4-61 logging facility L I 4-62 logging trap clear logging M C 4-63 show logging L I The following example displays settings for the trap function. 4-64 M C 4-65 show logging sendmail (4-69) SMTP Alert Commands L I 4-66 logging sendmail host M C 4-67 logging sendmail level logging sendmail source-email L I 4-68 logging sendmail destination-email M C 4-69 logging sendmail show logging sendmail L I 4-70 Time Commands Table 4-16. Time Commands M C 4-71 sntp server L I 4-72 sntp poll sntp client M C 4-73 L I 4-74 sntp broadcast client show sntp M C 4-75 clock timezone L I 4-76 calendar set show calendar M C 4-77 Example System Status Commands Page M C ANAGEMENT YSTEM 4-79 L I 4-80 show running-config M C ANAGEMENT YSTEM 4-81 L I 4-82 show system M C 4-83 show users show version L I 4-84 Frame Size Commands jumbo frame Flash/File Commands L I 4-86 copy C 4-87 L I 4-88 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: C 4-89 delete L I 4-90 dir C 4-91 whichboot L I 4-92 boot system C Authentication Commands Authentication Sequence L I 4-94 authentication login C 4-95 RADIUS Client radius-server host L I 4-96 radius-server port C 4-97 radius-server key radius-server retransmit L I 4-98 radius-server timeout show radius-server C 4-99 TACACS+ Client tacacs-server host L I 4-100 tacacs-server port C 4-101 tacacs-server key show tacacs-server L I 4-102 Port Security Commands port security C 4-103 L I 4-104 802.1x Port Authentication C 4-105 authentication dot1x default L I 4-106 dot1x default dot1x max-req C 4-107 dot1x port-control L I 4-108 dot1x operation-mode dot1x re-authenticate C 4-109 dot1x re-authentication dot1x timeout quiet-period L I 4-110 dot1x timeout re-authperiod dot1x timeout tx-period C 4-111 show dot1x L I 4-112 C UTHENTICATION 4-113 L I Access Control List Commands C L 4-115 L I IP ACLs 4-116 C L 4-117 Table 4-27. IP ACL Commands L I 4-118 access-list ip C L 4-119 permit, deny (Standard ACL) L I 4-120 permit, deny (Extended ACL) C L 4-121 L I 4-122 C L 4-123 show ip access-list access-list ip mask-precedence L I 4-124 C L 4-125 mask (IP ACL) L I 4-126 C IST L ONTROL CCESS L I 4-128 show access-list ip mask-precedence C L 4-129 ip access-group L I 4-130 show ip access-group map access-list ip Page L I 4-132 show map access-list ip C L 4-133 match access-list ip L I 4-134 show marking C L 4-135 MAC ACLs Table 4-28. MAC ACL Commands L I 4-136 access-list mac C L 4-137 permit, deny (MAC ACL) L I 4-138 C L 4-139 show mac access-list access-list mac mask-precedence L I 4-140 mask (MAC ACL) Page L I 4-142 C L 4-143 show access-list mac mask-precedence L I 4-144 mac access-group C L 4-145 show mac access-group map access-list mac L I 4-146 show map access-list mac C L 4-147 match access-list mac L I 4-148 ACL Information show access-list SNMP Commands L I 4-150 snmp community 4-151 snmp contact snmp location L I 4-152 snmp host 4-153 L I 4-154 snmp enable traps Page L I 4-156 4-157 DNS Commands L I 4-158 ip host 4-159 clear host ip domain-name L I 4-160 ip domain-list 4-161 L I 4-162 ip name-server 4-163 ip domain-lookup Page 4-165 show dns show dns cache Page Page L I 4-167 Interface Commands Table 4-32. Interface Commands C 4-168 interface description L I 4-169 speed-duplex C 4-170 negotiation Page C 4-172 capabilities L I 4-173 flowcontrol C 4-174 combo-forced-mode L I 4-175 shutdown C 4-176 switchport broadcast packet-rate L I 4-177 clear counters Page L I 4-179 show interfaces counters C 4-180 L I 4-181 show interfaces switchport C 4-182 L I 4-183 Mirror Port Commands port monitor P C 4-184 show port monitor L Rate Limit Commands Page L I 4-187 Link Aggregation Commands A C 4-188 Page Page L I 4-191 A C 4-192 lacp system-priority L I 4-193 lacp admin-key (Ethernet Interface) A C 4-194 lacp admin-key (Port Channel) L I 4-195 lacp port-priority A C 4-196 show lacp L I 4-197 A C 4-198 L I 4-199 T C Address Table Commands Table 4-36. Adress Table Commands L I 4-201 mac-address-table static Page L I 4-203 mac-address-table aging-time Page L I 4-205 Spanning Tree Commands Table 4-37. Spanning Tree Commands T C 4-206 spanning-tree Table 4-37. Spanning Tree Commands L I 4-207 spanning-tree mode T C 4-208 L I 4-209 spanning-tree forward-time T C 4-210 spanning-tree hello-time spanning-tree max-age L I 4-211 spanning-tree priority T C 4-212 spanning-tree pathcost method Page T C 4-214 mst vlan L I 4-215 mst priority T C 4-216 name L I 4-217 revision T C 4-218 max-hops Page T C 4-220 spanning-tree port-priority L I 4-221 spanning-tree edge-port T C 4-222 spanning-tree portfast L I 4-223 spanning-tree link-type T C 4-224 spanning-tree mst cost L I 4-225 T C 4-226 spanning-tree mst port-priority Page T C 4-228 show spanning-tree L I 4-229 Page L I Editing VLAN Groups 4-231 VLAN Commands Table 4-38. VLAN Commands Table 4-39. Editing VLAN Groups 4-232 vlan database L I 4-233 vlan 4-234 Configuring VLAN Interfaces Table 4-40. Configuring VLAN Interfaces L I 4-235 interface vlan 4-236 switchport mode L I 4-237 switchport acceptable-frame-types 4-238 switchport ingress-filtering L I 4-239 switchport native vlan 4-240 switchport allowed vlan L I 4-241 switchport forbidden vlan 4-242 Displaying VLAN Information show vlan L I 4-243 Configuring Protocol-based VLANs 4-244 protocol-vlan protocol-group (Configuring Groups) L I 4-245 protocol-vlan protocol-group (Configuring Interfaces) 4-246 show protocol-vlan protocol-group L I 4-247 show interfaces protocol-vlan protocol-group 4-248 Configuring Private VLANs pvlan L I 4-249 show pvlan GVRP GVRP and Bridge Extension Commands bridge-ext gvrp L I 4-251 show bridge-ext GVRP C E B 4-252 L I 4-253 garp timer GVRP C E B 4-254 Priority Commands C 4-256 Priority Commands (Layer 2) switchport priority default L I 4-257 C 4-258 queue mode L I 4-259 queue bandwidth C 4-260 queue cos-map L I 4-261 show queue mode C 4-262 show queue bandwidth show queue cos-map L I 4-263 Default Setting None Command Mode Example C 4-264 map ip port (Global Configuration) map ip port (Interface Configuration) L I 4-265 map ip precedence (Global Configuration) C 4-266 map ip precedence (Interface Configuration) L I 4-267 map ip dscp (Global Configuration) C 4-268 map ip dscp (Interface Configuration) L I 4-269 show map ip port C 4-270 show map ip precedence L I 4-271 show map ip dscp F Multicast Filtering Commands IGMP Snooping Commands L I 4-273 ip igmp snooping F C 4-274 ip igmp snooping vlan static L I 4-275 ip igmp snooping version F C 4-276 show ip igmp snooping show mac-address-table multicast L I IGMP Query Commands (Layer 2) 4-277 F C 4-278 ip igmp snooping querier ip igmp snooping query-count L I 4-279 ip igmp snooping query-interval F C 4-280 ip igmp snooping query-max-response-time L I 4-281 ip igmp snooping router-port-expire-time F C 4-282 Static Multicast Routing Commands ip igmp snooping vlan mrouter L I 4-283 show ip igmp snooping mrouter C IP Interface Commands Basic IP Configuration L I 4-285 ip address C 4-286 ip dhcp restart L I 4-287 ip default-gateway C 4-288 show ip interface show ip redirects L I 4-289 ping C 4-290 Related Commands interface (4 -168) Page PPENDIX OFTWARE A-1 PECIFICATIONS Software Features S A-2 S A-3 Management Features Standards S A-4 Management Information Bases PPENDIX B-1 B T ROUBLESHOOTING Table B-1. Troubleshooting Chart Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 NDEX Numerics A B C E F G H I P Q R S T U V W