SMC Networks TigerSwitch C, L, 4-125

A

CCESS

C

ONTROL

L

IST

C

OMMANDS

4-125

• The control-code bitmask is a decimal number (representing an

equivalent bit mask) that is applied to the control code. Enter a

decimal number, where the equivalent binary bit “1” means to match

a bit and “0” means to ignore a bit. The following bits may be

specified:

1 (fin) – Finish

2 (syn) – Synchronize

4 (rst) – Reset

8 (psh) – Push

16 (ack) – Acknowledgement

32 (urg) – Urgent pointer

For example, use the code value and mask below to catch packets with

the following flags set:

SYN flag valid, use “control-code 2 2”

Both SYN and ACK valid, use “control-code 18 18”

SYN valid and ACK invalid, use “control-code 2 18”

Example

This example accepts any incoming packets if the source address is within

subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0

& 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0),

the packet passes through.

This allows TCP packets from class C addresses 192.168.1.0 to any

destination address when set for destination TCP port 80 (i.e., HTTP).

This permits all TCP packets from class C addresses 192.168.1.0 with the

TCP control code set to “SYN.”

Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any

Console(config-ext-acl)#

Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any

destination-port 80

Console(config-ext-acl)#

Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any

control-flag 2 2

Console(config-ext-acl)#

Contents

Main TigerSwitch 10/100 24-Port 10/100Mbps Stackable Managed Switch Management Guide Management Guide Page Page Page L W IMITED ARRANTY W IMITED ARRANTY ii iii ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 3-1 iv v vi 4 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 4-1 vii viii ix x xi xii xiii xiv A Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . .A-1 B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1 Page Page T xvii ABLES xviii Page F xx IGURES xxi xxii 1-1 NTRODUCTION Key Features 1-2 Description of Software Features F S 1-3 1-4 F S 1-5 1-6 D 1-7 System Defaults 1-8 D 1-9 Page NITIAL 2-1 ONFIGURATION Connecting to the Switch Configuration Options C 2-2 Required Connections S 2-3 C 2-4 Remote Connections O 2-5 Stack Operations Selecting the Stack Master Recovering from Stack Failure or Topology Change C 2-6 Basic Configuration Console Connection C 2-7 Setting Passwords C 2-8 Setting an IP Address Manual Configuration C 2-9 Dynamic Configuration C 2-10 Enabling SNMP Management Access C 2-11 Community Strings C 2-12 Trap Receivers Saving Configuration Settings S Managing System Files Page ONFIGURING THE 3-1 WITCH Using the Web Interface Page Navigating the Web Browser Interface S 3-4 Configuration Options Panel Display Main Menu Table 3-2 Main Menu S 3-6 M 3-7 S 3-8 M 3-9 S 3-10 C 3-11 Basic Configuration Displaying System Information Page C 3-13 Displaying Switch Hardware/Software Versions Page C 3-15 Displaying Bridge Extension Capabilities Page C 3-17 Setting the Switchs IP Address S 3-18 Manual Configuration C 3-19 Using DHCP/BOOTP S 3-20 C 3-21 Managing Firmware Page Page S 3-24 Saving or Restoring Configuration Settings C 3-25 Page C 3-27 S 3-28 Console Port Settings C 3-29 S 3-30 Telnet Settings C 3-31 S 3-32 C 3-33 Configuring Event Logging System Log Configuration S 3-34 C 3-35 Remote Log Configuration Page C 3-37 Page C 3-39 Sending Simple Mail Transfer Protocol Alerts Page C 3-41 Resetting the System S 3-42 Setting the System Clock Configuring SNTP C 3-43 S 3-44 Setting the Time Zone N Simple Network Management Protocol Setting Community Access Strings S 3-46 Specifying Trap Managers and Trap Types Page S 3-48 User Authentication Configuring User Accounts A 3-49 S 3-50 Configuring Local/Remote Logon Authentication A 3-51 S 3-52 Page S 3-54 CLI Specify all the required parameters to enable logon authentication. Configuring HTTPS A 3-55 S 3-56 Replacing the Default Secure-site Certificate A 3-57 Configuring the Secure Shell S 3-58 A 3-59 S 3-60 Generating the Host Key Pair A 3-61 S 3-62 Configuring the SSH Server Page S 3-64 Configuring Port Security A 3-65 S 3-66 Configuring 802.1X Port Authentication A 3-67 Page A 3-69 Configuring 802.1X Global Settings S 3-70 Configuring Port Settings for 802.1X A 3-71 S 3-72 A 3-73 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics S 3-74 A 3-75 Filtering Addresses for Management Access Page C L 3-77 Access Control Lists Configuring Access Control Lists S 3-78 Setting the ACL Name and Type Page Page C L 3-81 Configuring an Extended IP ACL S 3-82 C L 3-83 S 3-84 Configuring a MAC ACL Page Page Page Port Configuration C 3-89 Field Attributes (CLI) Basic Information: Configuration: S 3-90 Current Status: C 3-91 Configuring Interface Connections S 3-92 C 3-93 Creating Trunk Groups S 3-94 C } 3-95 Statically Configuring a Trunk Page C } ORT ONFIGURATION 3-97 Enabling LACP on Selected Ports S 3-98 C 3-99 Configuring LACP Parameters Dynamically Creating a Port Channel S 3-100 Page S 3-102 C 3-103 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Figure 3-45 LACP - Port Counters Information S 3-104 CLI The following example displays LACP counters. Displaying LACP Settings and Status for the Local Side C 3-105 Table 3-7 LACP Internal Configuration Information (Continued) S 3-106 C 3-107 Displaying LACP Settings and Status for the Remote Side Table 3-8 LACP Neighbor Configuration Information S 3-108 C 3-109 Setting Broadcast Storm Thresholds Page C 3-111 Configuring Port Mirroring S 3-112 C 3-113 Configuring Rate Limits Rate Limit Granularity S 3-114 Rate Limit Configuration C 3-115 Showing Port Statistics S 3-116 Table 3-9 Port Statistics C 3-117 S 3-118 C 3-119 Page C ORT ONFIGURATION 3-121 CLI This example shows statistics for port 13. Address Table Settings Page S 3-124 Spanning Tree Algorithm Configuration S 3-126 x x T C A 3-127 Displaying Global Settings S 3-128 Page S CLI 3-130 This command displays global STA settings, followed by settings for each port . T C A 3-131 Configuring Global Settings S 3-132 Page Page T C A 3-135 Displaying Interface Settings x T x C A 3-137 S 3-138 T C A 3-139 Configuring Interface Settings S 3-140 T C A 3-141 VLAN Configuration 3-143 Assigning Ports to VLANs S 3-144 3-145 S 3-146 Forwarding Tagged/Untagged Frames 3-147 Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Information S 3-148 Displaying Current VLANs Command Attributes (Web) 3-149 Command Attributes (CLI) S 3-150 Creating VLANs 3-151 S 3-152 Adding Static Members to VLANs (VLAN Index) 3-153 S 3-154 Adding Static Members to VLANs (Port Index) 3-155 S 3-156 Configuring VLAN Behavior for Interfaces 3-157 S 3-158 3-159 Private VLANs S 3-160 Displaying Current Private VLANs 3-161 Configuring Private VLANs S 3-162 3-163 Associating VLANs S 3-164 Displaying Private VLAN Interface Information 3-165 Configuring Private VLAN Interfaces S 3-166 3-167 S 3-168 Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces C S 3-169 S 3-170 Mapping CoS Values to Egress Queues C S 3-171 S 3-172 Selecting the Queue Mode Page S 3-174 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values C S 3-175 Selecting IP Precedence/DSCP Priority Page C S 3-177 Mapping DSCP Priority S 3-178 C S 3-179 Mapping IP Port Priority Page C S 3-181 Mapping CoS Values to ACLs Page F 3-183 Multicast Filtering S 3-184 Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters F 3-185 S 3-186 F 3-187 Displaying Interfaces Attached to a Multicast Router S 3-188 Specifying Static Interfaces for a Multicast Router F 3-189 Displaying Port Members of Multicast Services Page F 3-191 Assigning Ports to Multicast Services Page 4-1 4 I INE L OMMAND L I 4-2 Telnet Connection Page Entering Commands Page L I 4-6 Showing Commands Page L I 4-8 Understanding Command Modes Exec Commands C 4-9 Configuration Commands L I 4-10 C 4-11 Command Line Processing L I Command Groups The system commands can be broken down into the functional groups shown below Table 4-4 Command Groups G 4-13 Table 4-4 Command Groups (Continued) L I Line Commands Table 4-5 Line Commands C 4-15 line L I 4-16 login C 4-17 password L I 4-18 timeout login response C 4-19 exec-timeout L I 4-20 password-thresh C 4-21 silent-time L I 4-22 databits C 4-23 parity speed L I 4-24 stopbits C 4-25 disconnect show line Page C 4-27 General Commands enable L I 4-28 disable C 4-29 configure show history L I 4-30 reload C 4-31 end exit Page M C Device Designation Commands 4-33 System Management Commands Table 4-7 System Management Commands Table 4-8 Device Designation Commands L I 4-34 prompt hostname Page L I 4-36 username M C 4-37 enable password L I IP Filter Commands 4-38 M C 4-39 management L I 4-40 show management M C Web Server Commands 4-41 Table 4-12 Web Server Commands L I 4-42 ip http port ip http server M C 4-43 ip http secure-server L I 4-44 ip http secure-port M C 4-45 Telnet Server Commands ip telnet port L I 4-46 ip telnet server M C 4-47 Secure Shell Commands L I 4-48 M C 4-49 L I 4-50 ip ssh server M C 4-51 ip ssh timeout L I 4-52 ip ssh authentication-retries ip ssh server-key size M C 4-53 delete public-key ip ssh crypto host-key generate L I 4-54 ip ssh crypto zeroize M C 4-55 ip ssh save host-key L I 4-56 show ip ssh show ssh M C 4-57 show public-key Table 4-16 show ssh - display description (Continued) L I 4-58 M C 4-59 Event Logging Commands logging on L I 4-60 logging history M C 4-61 logging host L I 4-62 logging facility M C 4-63 logging trap L I 4-64 clear logging show logging M C 4-65 L I 4-66 show log M C 4-67 L I 4-68 SMTP Alert Commands logging sendmail host M C 4-69 logging sendmail level L I 4-70 logging sendmail source-email logging sendmail destination-email M C 4-71 logging sendmail show logging sendmail L I 4-72 Time Commands Table 4-22 Time Commands M C 4-73 sntp client L I 4-74 sntp server M C 4-75 sntp poll show sntp L I 4-76 clock timezone M C 4-77 calendar set L I System Status Commands 4-78 show calendar M C 4-79 light unit show startup-config Page M C ANAGEMENT YSTEM 4-81 L I 4-82 show running-config M C ANAGEMENT YSTEM 4-83 Page M C 4-85 show users L I 4-86 show version M C 4-87 Frame Size Commands jumbo frame Flash/File Commands C 4-89 copy L I 4-90 C LASH ILE 4-91 The following example shows how to copy the running configuration to a startup file. L I 4-92 delete dir C 4-93 L I 4-94 whichboot boot system Authentication Commands L I 4-96 Authentication Sequence authentication login C 4-97 authentication enable L I 4-98 C 4-99 RADIUS Client radius-server host L I 4-100 radius-server port C 4-101 radius-server key radius-server retransmit L I 4-102 radius-server timeout show radius-server C 4-103 TACACS+ Client L I 4-104 tacacs-server host tacacs-server port C 4-105 tacacs-server key show tacacs-server L I 4-106 Port Security Commands C 4-107 port security L I 4-108 802.1X Port Authentication C 4-109 dot1x system-auth-control [no] system-auth-control Disabled L I 4-110 dot1x default dot1x max-req C 4-111 dot1x port-control L I 4-112 dot1x operation-mode C 4-113 dot1x re-authenticate dot1x re-authentication L I 4-114 dot1x timeout quiet-period dot1x timeout re-authperiod C 4-115 dot1x timeout tx-period show dot1x L I 4-116 C 4-117 L I 4-118 C L Access Control List Commands L I IP ACLs 4-120 C L 4-121 access-list ip L I 4-122 permit, deny (Standard ACL) C L 4-123 permit, deny (Extended ACL) L I 4-124 C L 4-125 L I 4-126 show ip access-list ip access-group C L 4-127 show ip access-group L I 4-128 map access-list ip Page L I 4-130 MAC ACLs access-list mac C L 4-131 permit, deny (MAC ACL) L I 4-132 C L 4-133 show mac access-list mac access-group L I 4-134 show mac access-group map access-list mac C L 4-135 show map access-list mac L I 4-136 ACL Information show access-list C IST L ONTROL CCESS SNMP Commands snmp-server community 4-139 snmp-server contact Page 4-141 snmp-server host L I 4-142 snmp-server enable traps 4-143 show snmp L I 4-144 C 4-145 Interface Commands Table 4-40 Interface Commands L I 4-146 interface description 4-147 speed-duplex L I 4-148 negotiation 4-149 capabilities L I 4-150 flowcontrol 4-151 shutdown L I 4-152 switchport broadcast packet-rate 4-153 clear counters Page 4-155 show interfaces counters L I 4-156 4-157 show interfaces switchport L I 4-158 Table 4-41 Interfaces Switchport Statistics P Mirror Port Commands port monitor L I 4-160 show port monitor R Rate Limit Commands L I 4-162 rate-limit rate-limit granularity R C L 4-163 show rate-limit Link Aggregation Commands A C 4-165 L I 4-166 channel-group Page L I 4-168 lacp system-priority A C 4-169 L I 4-170 lacp admin-key (Ethernet Interface) A C 4-171 lacp admin-key (Port Channel) L I 4-172 lacp port-priority A C 4-173 show lacp L I 4-174 Table 4-45 show lacp counters - display description A C 4-175 Table 4-46 show lacp internal - display description L I 4-176 Table 4-46 show lacp internal - display description (Continued) A C 4-177 Table 4-47 show lacp neighbors - display description L Address Table Commands Table 4-48 show lacp sysid - display description Table 4-49 Address Table Commands T C 4-179 mac-address-table static Page T C 4-181 show mac-address-table L I 4-182 mac-address-table aging-time show mac-address-table aging-time Spanning Tree Commands Table 4-50 Spanning Tree Commands L I 4-184 spanning-tree T C 4-185 spanning-tree mode L I 4-186 spanning-tree forward-time T C 4-187 spanning-tree hello-time spanning-tree max-age L I 4-188 spanning-tree priority T C 4-189 spanning-tree pathcost method Page T C 4-191 spanning-tree port-priority L I 4-192 spanning-tree edge-port T C 4-193 spanning-tree portfast L I 4-194 spanning-tree link-type T C 4-195 spanning-tree protocol-migration L I 4-196 show spanning-tree T C REE PANNING 4-197 VLAN Commands Editing VLAN Groups vlan database 4-199 vlan L I 4-200 4-201 Configuring VLAN Interfaces interface vlan L I 4-202 switchport mode 4-203 switchport acceptable-frame-types L I 4-204 switchport ingress-filtering 4-205 switchport native vlan L I 4-206 switchport allowed vlan 4-207 switchport forbidden vlan L I 4-208 Displaying VLAN Information show vlan 4-209 Configuring Private VLANs L I 4-210 private-vlan 4-211 private vlan association Page 4-213 switchport mode private-vlan L I 4-214 switchport private-vlan host-association switchport private-vlan mapping 4-215 show vlan private-vlan L I 4-216 GVRP and Bridge Extension Commands Table 4-56 GVRP and Bridge Extension Commands GVRP C E B 4-217 L I 4-218 switchport gvrp GVRP C E B 4-219 L I 4-220 GVRP C E B 4-221 Priority Commands Table 4-57 Priority Commands Table 4-58 Priority Commands (Layer 2) C 4-223 queue mode L I 4-224 switchport priority default C 4-225 queue bandwidth L I 4-226 queue cos-map C 4-227 show queue mode show queue bandwidth L I 4-228 show queue cos-map C 4-229 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) Table 4-60 Priority Commands (Layer 3 and 4) L I 4-230 map ip port (Interface Configuration) C 4-231 map ip precedence (Global Configuration) L I 4-232 map ip precedence (Interface Configuration) C 4-233 map ip dscp (Global Configuration) map ip dscp (Interface Configuration) L I 4-234 C 4-235 show map ip port L I 4-236 show map ip precedence C 4-237 show map ip dscp L I Multicast Filtering Commands Table 4-63 Multicast Filtering Commands Table 4-64 IGMP Snooping Commands F C 4-239 ip igmp snooping ip igmp snooping vlan static L I 4-240 ip igmp snooping version F C 4-241 show ip igmp snooping show mac-address-table multicast L I IGMP Query Commands (Layer 2) 4-242 F C 4-243 ip igmp snooping querier ip igmp snooping query-count L I 4-244 ip igmp snooping query-interval F C 4-245 ip igmp snooping query-max-response-time L I 4-246 ip igmp snooping router-port-expire-time F C 4-247 Static Multicast Routing Commands ip igmp snooping vlan mrouter L I 4-248 show ip igmp snooping mrouter C IP Interface Commands ip address L I 4-250 C 4-251 ip dhcp restart Page C 4-253 show ip redirects ping L I 4-254 PPENDIX OFTWARE A-1 PECIFICATIONS Software Features Management Features S A-3 Standards S A-4 Management Information Bases PPENDIX B-1 B T Problems Accessing the Management Interface ROUBLESHOOTING B-2 S L B-3 Using System Logs Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Glossary-8 NDEX Numerics A B C G H I J L Q R S T U V W