EasyManua.ls Logo

SMC Networks TigerSwitch SMC6128PL2 User Manual

SMC Networks TigerSwitch SMC6128PL2
658 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #150 background imageLoading...
Page #150 background image
C
ONFIGURING
THE
S
WITCH
3-96
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based
on address, protocol, Layer 4 protocol port number or TCP control code)
or any frames (based on MAC address or Ethernet type). To filter
incoming packets, first create an access list, add the required rules, and
then bind the list to a specific port.
Configuring Access Control Lists
An ACL is a sequential list of permit or deny conditions that apply to IP
addresses, MAC addresses, or other more specific criteria. This switch tests
ingress or egress packets against the conditions in an ACL one by one. A
packet will be accepted as soon as it matches a permit rule, or dropped as
soon as it matches a deny rule. If no rules match for a list of all permit
rules, the packet is dropped; and if no rules match for a list of all deny
rules, the packet is accepted.
Command Usage
The following restrictions apply to ACLs:
Each ACL can have up to 100 rules.
However, due to resource restrictions, the average number of rules
bound to the ports should not exceed 20.
When an ACL is bound to an interface as an egress filter, all entries in
the ACL must be deny rules. Otherwise, the bind operation will fail.
The switch does not support the explicit “deny any any” rule for the
egress IP ACL. If these rules are included in ACL, and you attempt to
bind the ACL to an interface for egress checking, the bind operation
will fail.
The order in which active ACLs are checked is as follows:
1.User-defined rules in the Egress IP ACL for egress ports.
2. User-defined rules in the Ingress IP ACL for ingress ports.

Table of Contents

Other manuals for SMC Networks TigerSwitch SMC6128PL2

Preview: Installation Guide
Installation Guide88 pages
Preview: Specifications
Specifications2 pages

Questions and Answers:

SMC Networks TigerSwitch SMC6128PL2 Specifications

General IconGeneral
PoEYes
PoE Ports24
Switching Capacity12.8 Gbps
Forwarding Rate9.5 Mpps
LayerLayer 2
MAC Address Table Size8K
Jumbo Frame Support9 KB
Power SupplyInternal
Weight3.6 kg
Operating Temperature0°C to 40°C
Storage Temperature-40°C to 70°C
Humidity10% to 90% non-condensing
FeaturesVLAN, QoS, IGMP Snooping, Link Aggregation, Port Mirroring
Ports24 x 10/100 Mbps + 4 x Gigabit Combo (RJ45/SFP)

Summary

Introduction

Key Features

Lists key features and capabilities of the switch, including port specifications and management options.

Description of Software Features

Details advanced performance features like flow control, broadcast storm suppression, and VLAN support.

Authentication

Explains management access authentication via console, Telnet, web, RADIUS, TACACS+, and 802.1X.

Access Control Lists

Virtual LANs

Initial Configuration

Connecting to the Switch

Details steps for connecting to the switch via console port or Telnet for configuration.

Basic Configuration

Setting an IP Address

Configures manual or dynamic IP address settings for management access over the network.

Enabling SNMP Management Access

Configuring the Switch

Using the Web Interface

Describes configuring the switch and viewing statistics via a web browser.

Configuring Event Logging

Simple Network Management Protocol (SNMP)

Explains the SNMP protocol for network device management, including versions 1, 2c, and 3.

User Authentication

Restricts management access using local or remote authentication methods.

Configuring the Secure Shell

Details SSH server configuration for secure remote management access.

Configuring Port Security

Allows configuring MAC addresses authorized to access switch ports.

Configuring 802.1X Port Authentication

Implements port-based access control preventing unauthorized network access.

Access Control Lists

Provides packet filtering for IP frames or any frames based on addresses or protocols.

Port Configuration

Creating Trunk Groups

Configuring Rate Limits

Power Over Ethernet Settings

Configures DC power supply to connected devices via Ethernet, including power budget and priority.

Spanning Tree Algorithm Configuration

Configures Spanning Tree protocols (STP, RSTP, MSTP) globally and for interfaces.

VLAN Configuration

Describes creating VLAN groups, adding members, and configuring VLAN behavior.

Switch Clustering

Groups switches for centralized management through a Commander/Member unit structure.

Quality of Service Commands

Configures QoS classification criteria and service policies using DiffServ.

Multicast Filtering Commands

Supports real-time applications like videoconferencing or streaming audio using IGMP.

Multicast VLAN Registration

DHCP Snooping Commands

Protects the network from rogue DHCP servers by filtering DHCP messages.

Command Line Interface

Using the Command Line Interface

Guides on using the CLI for switch management via keywords and parameters.

Configuration Commands

System Management Commands

IP Filter Commands

Secure Shell Commands

Event Logging Commands

Flash/File Commands

Authentication Commands

RADIUS Client Commands

TACACS+ Client

Port Security Commands

802.1X Port Authentication

Access Control List Commands

SNMP Commands

Interface Commands

Mirror Port Commands

Rate Limit Commands

Link Aggregation Commands

Address Table Commands

Spanning Tree Commands

VLAN Commands

Class of Service Configuration

Specifies data packet precedence based on congestion and priority queues.

IP Source Guard Commands

Filters IP traffic based on configured entries in the IP Source Guard table.

Switch Cluster Commands

Appendix B Troubleshooting

Problems Accessing the Management Interface

Related product manuals