To Next Page

To Previous Page

23-1

HAPTER

CCESS

ONTROL

IST

OMMANDS

Access Control Lists (ACL) provide packet filtering for IPv4 frames (based

on address, protocol, Layer 4 protocol port number or TCP control code),

IPv6 frames (based on address, next header type, or flow label), or any

frames (based on MAC address or Ethernet type). To filter packets, first

create an access list, add the required rules, and then bind the list to a

specific port. This section describes the Access Control List commands.

Table 23-1 Access Control List Commands

Command Groups Function Page

IPv4 ACLs Configures ACLs based on IPv4 addresses, TCP/

UDP port number, protocol type, and TCP control

code

23-2

IPv6 ACLs Configures ACLs based on IPv6 addresses, next

header type, and flow label

23-9

MAC ACLs Configures ACLs based on hardware addresses,

packet format, and Ethernet type

23-16

ACL Information Displays ACLs and associated rules; shows ACLs

assigned to each port

23-21

Default Chapter1
- Management Guide1
- Table of Contents7
- Able of8
Section I Getting Started35
1 Introduction37
- Key Features37
- Table 1-1 Key Features38
- Description of Software Features39
- System Defaults45
- Table 1-2 System Defaults48
2 Initial Configuration49
- Connecting to the Switch49
- Stack Operations53
- Basic Configuration57
- Managing System Files69
  - Saving Configuration Settings70
3 Configuring the Switch75
- Using the Web Interface75
- Navigating the Web Browser Interface77
4 Basic Management Tasks91
- Displaying System Information91
- Figure 4-1 System Information92
- Displaying Switch Hardware/Software Versions95
- Figure 4-2 Switch Information95
- Displaying Bridge Extension Capabilities96
- Figure 4-3 Displaying Bridge Extension Configuration97
- Setting the Switch's IP Address (IP Version 4)98
  - Manual Configuration100
  - Figure 4-4 Ipv4 Interface Configuration - Manual100
  - Figure 4-5 Default Gateway100
  - Using DHCP/BOOTP101
  - Figure 4-6 Ipv4 Interface Configuration - DHCP101
- Setting the Switch's IP Address (IP Version 6)103
  - Configuring an Ipv6 Address103
  - Figure 4-7 Ipv6 Interface Configuration111
  - Configuring an Ipv6 General Network Prefix112
  - Figure 4-8 Ipv6 General Prefix Configuration113
  - Configuring Neighbor Detection Protocol and Static Entries114
  - Figure 4-9 Ipv6 Neighbor Detection and Neighbor Cache117
- Configuring Support for Jumbo Frames118
- Figure 4-10 Configuring Support for Jumbo Frames118
- Managing Firmware119
  - Downloading System Software from a Server120
  - Figure 4-11 Copy Firmware120
  - Figure 4-12 Setting the Startup Code121
  - Figure 4-13 Deleting Files121
- Saving or Restoring Configuration Settings122
  - Downloading Configuration Settings from a Server124
  - Figure 4-14 Downloading Configuration Settings for Start-Up124
  - Figure 4-15 Setting the Startup Configuration Settings125
- Console Port Settings126
- Figure 4-16 Configuring the Console Port127
- Telnet Settings128
- Figure 4-17 Configuring the Telnet Interface130
- Table 4-1 Logging Levels131
- Figure 4-18 System Logs132
- Configuring Event Logging133
  - Remote Log Configuration133
  - Figure 4-19 Remote Logs134
  - Displaying Log Messages135
  - Figure 4-20 Displaying Logs135
  - Sending Simple Mail Transfer Protocol Alerts136
  - Figure 4-21 Enabling and Configuring SMTP Alerts137
- Renumbering the Stack138
- Resetting the System139
- Figure 4-22 Renumbering the Stack139
- Figure 4-23 Resetting the System139
- Setting the System Clock140
  - Configuring SNTP140
  - Setting the Time Zone141
  - Figure 4-24 SNTP Configuration141
  - Figure 4-25 Clock Time Zone142
5 Simple Network Management Protocol143
- Table 5-1 Snmpv3 Security Models and Levels144
- Enabling the SNMP Agent146
- Figure 5-1 Enabling the SNMP Agent146
- Figure 5-2 Configuring SNMP Community Strings147
- Setting Community Access Strings147
- Specifying Trap Managers and Trap Types148
- Figure 5-3 Configuring SNMP Trap Managers151
- Configuring Snmpv3 Management Access153
6 User Authentication169
- Configuring User Accounts169
- Figure 6-1 User Accounts170
- Configuring Local/Remote Logon Authentication173
- Figure 6-2 Authentication Server Settings174
- Configuring HTTPS175
- Configuring the Secure Shell178
- Configuring Port Security186
- Figure 6-6 Port Security188
- Figure 6-7 802.1X Global Information190
- Configuring 802.1X Port Authentication191
- Filtering IP Addresses for Management Access197
- Figure 6-11 IP Filter198
7 Access Control Lists199
- Configuring Access Control Lists199
- Binding a Port to an Access Control List211
- Figure 7-7 ACL Port Binding211
8 Port Configuration213
- Displaying Connection Status213
- Figure 8-1 Port - Port Information214
- Configuring Interface Connections216
- Figure 8-2 Port - Port Configuration218
- Creating Trunk Groups220
- Setting Broadcast Storm Thresholds235
- Figure 8-9 Port Broadcast Control236
- Configuring Port Mirroring237
- Configuring Rate Limits238
- Figure 8-10 Mirror Port Configuration238
- Figure 8-11 Rate Limit Configuration239
- Showing Port Statistics240
- Table 8-4 Port Statistics240
- Figure 8-12 Port Statistics245
9 Address Table Settings248
- Figure 9-1 Static Addresses248
- Displaying the Address Table249
- Figure 9-2 Dynamic Addresses250
- Changing the Aging Time251
- Figure 9-3 Address Aging251
10 Spanning Tree Algorithm253
- Displaying Global Settings256
- Figure 10-1 STA Information258
- Configuring Global Settings260
- Figure 10-2 STA Global Configuration264
- Displaying Interface Settings265
- Figure 10-3 STA Port Information268
- Configuring Interface Settings269
- Table 10-1 Recommended STA Path Cost Range271
- Table 10-2 Default STA Path Costs271
- Figure 10-4 STA Port Configuration272
- Configuring Multiple Spanning Trees273
- Figure 10-5 MSTP VLAN Configuration274
- Each Port275
- Displaying Interface Settings for MSTP276
- Figure 10-6 MSTP Port Information276
- Spanning Tree277
- Configuring Interface Settings for MSTP278
- Table 10-3 Recommended STA Path Cost Range279
- Table 10-4 Default STA Path Costs279
- Figure 10-7 MSTP Port Configuration280
11 VLAN Configuration281
- IEEE 802.1Q Vlans281
- Configuring Private Vlans297
- Configuring Protocol-Based Vlans299
12 Class of Service303
- Layer 2 Queue Settings303
- Layer 3/4 Priority Settings310
13 Quality of Service319
- Configuring Quality of Service Parameters320
14 Multicast Filtering332
- Layer 2 IGMP (Snooping and Query)332
15 Domain Name Service342
- Default Domain Name342
- Configuring General DNS Service Parameters343
- Figure 15-1 DNS General Configuration343
- Configuring Static DNS Host to Address Entries344
- Figure 15-2 DNS Static Host Table345
- Displaying the DNS Cache346
- Figure 15-3 DNS Cache347
16 Dynamic Host Configuration Protocol349
- Configuring DHCP Relay Service350
- Figure 16-1 DHCP Relay Configuration351
- Configuring the DHCP Server352
17 IP Routing361
- Overview361
  - Initial Configuration361
- IP Switching362
  - Routing Path Management364
  - Routing Protocols364
- Basic IP Interface Configuration365
- Figure 17-1 IP Global Settings366
- Configuring IP Routing Interfaces367
- Figure 17-2 IP Routing Interface368
- Address Resolution Protocol369
- Displaying Statistics for IP Protocols381
- Configuring Static Routes386
- Figure 17-11 TCP Statistics386
- Figure 17-12 IP Static Routes387
- Displaying the Routing Table388
- Figure 17-13 IP Routing Table389
- Configuring the Routing Information Protocol390
18 Overview of the Command Line Interface407
- Using the Command Line Interface407
- Entering Commands409
- Command Groups418
- Table 18-4 Command Group Index418
19 General Commands422
- Enable422
- Disable423
- Configure423
- Show History424
- Reload425
- Prompt426
- End426
- Exit427
- Quit427
20 System Management Commands430
- Device Designation Commands430
- System Status Commands432
- Frame Size Commands439
  - Jumbo Frame439
  - Table 20-4 Frame Size Commands439
- File Management Commands440
- Line Commands451
- Event Logging Commands462
- SMTP Alert Commands471
- Time Commands476
21 SNMP Commands484
- Snmp-Server484
- Show Snmp484
- Snmp-Server Community486
- Snmp-Server Contact487
- Snmp-Server Location487
- Snmp-Server Host488
- Snmp-Server Enable Traps491
- Snmp-Server Engine-ID492
- Show Snmp Engine-ID494
- Table 21-2 Show Snmp Engine-ID - Display Description494
- Snmp-Server View495
- Show Snmp View496
- Table 21-3 Show Snmp View - Display Description496
- Snmp-Server Group497
- Show Snmp Group498
- Table 21-4 Show Snmp Group - Display Description499
- Snmp-Server User500
- Show Snmp User502
- Table 21-5 Show Snmp User - Display Description502
- Table 22-1 Authentication Commands503
22 User Authentication Commands504
- User Account Commands504
- Authentication Sequence507
- RADIUS Client510
- TACACS+ Client515
- Web Server Commands517
- Telnet Server Commands522
  - Ip Telnet Server522
  - Table 22-9 Telnet Server Commands522
- Secure Shell Commands523
- Port Security Commands536
  - Port Security537
- 802.1X Port Authentication539
- IP Filter Commands550
23 Access Control List Commands554
- Ipv4 Acls554
- MAC Acls569
- ACL Information573
24 Interface Commands576
- Interface576
- Description577
- Speed-Duplex577
- Negotiation579
- Capabilities580
- Flowcontrol581
- Media-Type582
- Shutdown583
- Switchport Broadcast Packet-Rate584
- Clear Counters585
- Show Interfaces Status586
- Show Interfaces Counters587
- Table 24-1 Interface Commands588
- Show Interfaces Switchport589
- Table 24-2 Show Interfaces Switchport - Display Description590
25 Link Aggregation Commands592
- Channel-Group593
- Lacp594
- Lacp System-Priority596
- Lacp Admin-Key (Ethernet Interface)597
- Lacp Admin-Key (Port Channel)598
- Lacp Port-Priority599
- Show Lacp600
26 Mirror Port Commands605
- Port Monitor605
- Show Port Monitor606
- Table 27-1 Rate Limit Commands609
27 Rate Limit Commands610
- Rate-Limit610
28 Address Table Commands612
- Mac-Address-Table Static612
- Clear Mac-Address-Table Dynamic613
- Show Mac-Address-Table614
- Mac-Address-Table Aging-Time615
- Show Mac-Address-Table Aging-Time616
29 Spanning Tree Commands618
- Spanning-Tree619
- Spanning-Tree Mode620
- Spanning-Tree Forward-Time621
- Spanning-Tree Hello-Time622
- Spanning-Tree Max-Age623
- Spanning-Tree Priority624
- Spanning-Tree Pathcost Method625
- Spanning-Tree Transmission-Limit626
- Spanning-Tree Mst-Configuration626
- Mst Vlan627
- Mst Priority628
- Name629
- Revision630
- Max-Hops630
- Spanning-Tree Spanning-Disabled631
- Spanning-Tree Cost632
- Table 29-2 Recommended STA Path Cost Range632
- Table 29-3 Default STA Path Costs633
- Spanning-Tree Port-Priority634
- Spanning-Tree Edge-Port634
- Spanning-Tree Portfast635
- Spanning-Tree Link-Type637
- Spanning-Tree Mst Cost638
- Table 29-4 Recommended STA Path Cost Range638
- Table 29-5 Default STA Path Costs638
- Spanning-Tree Mst Port-Priority639
- Spanning-Tree Protocol-Migration640
- Show Spanning-Tree641
- Table 29-1 Spanning Tree Commands642
- Show Spanning-Tree Mst Configuration643
30 VLAN Commands646
- GVRP and Bridge Extension Commands646
- Editing VLAN Groups651
- Configuring VLAN Interfaces653
- Displaying VLAN Information660
  - Show Vlan660
  - Table 30-5 Commands for Displaying VLAN Information660
- Configuring Private Vlans661
- Configuring Protocol-Based Vlans663
31 Class of Service Commands670
- Table 31-2 Priority Commands (Layer 2)670
- Priority Commands (Layer 2)671
- Priority Commands (Layer 3 and 4)677
32 Quality of Service Commands688
- Class-Map689
- Match690
- Policy-Map691
- Class692
- Set694
- Police695
- Service-Policy696
- Show Class-Map697
- Show Policy-Map698
- Show Policy-Map Interface698
- Table 33-1 Multicast Filtering Commands701
33 Multicast Filtering Commands702
- IGMP Snooping Commands702
- IGMP Query Commands706
- Static Multicast Routing Commands711
34 Domain Name Service Commands714
- Ip Host714
- Clear Host715
- Ip Domain-Name716
- Ip Domain-List717
- Ip Name-Server718
- Ip Domain-Lookup719
- Show Hosts720
- Table 34-2 Show Dns Cache - Display Description721
- Clear Dns Cache722
35 DHCP Commands723
- DHCP Client724
- DHCP Relay726
- DHCP Server728
36 IP Interface Commands744
- Table 36-2 Basic IP Configuration Commands744
- Basic IP Configuration745
- Address Resolution Protocol (ARP)787
37 IP Routing Commands794
- Global Routing Configuration794
- Routing Information Protocol (RIP)800
Software Specifications820
- Management Features821
- Standards821
- Management Information Bases822
Troubleshooting825
- Problems Accessing the Management Interface825
- Table B-1 Troubleshooting Chart825
- Using System Logs827
Glossary829
Index839

Brand	SMC Networks
Model	TigerStack II SMC8848M
Category	Switch
Language	English

SMC Networks TigerStack II SMC8848M User Manual

Table of Contents

Other manuals for SMC Networks TigerStack II SMC8848M

Questions and Answers:

SMC Networks TigerStack II SMC8848M Specifications

Related product manuals