![Qtech QSW-2910-10T-POE-AC/DC [110/212] Use qacl to realize deny all packet expect](/img/pdf.png)
Qtech QSW-2910-10T-POE-AC/DC [110/212] Use qacl to realize deny all packet expect
![Qtech QSW-2910-10T-POE-AC/DC [110/212] Use qacl to realize deny all packet expect](/views2/1596562/page110/bg6e.png)
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
110
!Define ACL transmitting packet with source interface to be Ethernet
interface 8,destination interface to be wthernet interface 1,source
MAC address to be 00:01:02:03:04:05
QTECH(config)#accesss-list 200 permit ingress 00:01:02:03:04:05
0:0:0:0:0:0 interface ethernet 0/0/8 egress egress interface ethernet
0/0/1
!Define ACL transmitting packet with source interface being Ethernet
interface 1,destination interface being Ethernet interface 8,source
MAC address being 00:01:02:03:04:05
QTECH(config)#accesss-list 201 permit ingress 00:01:02:03:04:05
0:0:0:0:0:0 interface fast-ethenet 1 egress egress interface ethernet
0/0/8
(2) Configure flow monitor of uplink and downlink interface
!Enter interface configuration mode of uplink interface 1
QTECH(config)#interface ethernet 0/1
!Configure corresponded flow monitor of uplink interface 1
QTECH(config-if-ethernet-0/0/1)##rate-limit input link-group 201 3
!Enter interface configuration mode of downlink interface 8
QTECH(config)#interface ethernet 0/0/8
!Configure corresponded flow monitor of downlink interface 8
QTECH(config-if-ethernet-0/0/8)##rate-limit input link-group 200 5
7.4.3 Use QACL to realize deny all packet expect
Brief introduction of deny all packet expect
deny all packet expect is used to drop all packet except needing transmitting. This function can
be realized by configuring QACL.
1. Configuration example
Configuring deny all packet expect PPPoE, the protocol number of PPPoE is 0x8863 (decimal
is 34915) and 0x8864 (decimal is 34916)
(1) Drop all packets
(2) Transmit PPPoE packet
Configuration is as following:
(1) Define needed ACL
!Configure deny ACL of all packet
QTECH(config)#access-list 200 deny ingress any egress any
!Configure ACL of transmitting PPPoE packet
Содержание
- Chapter 1 accessing switch 14 1
- Chapter 2 port configuration 26 1
- Content 1
- Content 1 1
- Chapter 3 vlan configuration 45 2
- Chapter 4 dhcp configuration 61 4
- Chapter 5 multicast protocol configuration 66 4
- Chapter 6 acl configuration 87 6
- Chapter 7 qos configuration 96 6
- Chapter 8 stp configuration command 114 7
- Chapter 10 sntp client configuration 133 8
- Chapter 11 syslog configiration 138 8
- Chapter 12 ssh configuration 145 8
- Chapter 9 802 x configuration command 125 8
- Chapter 13 switch manage and maintenance 148 9
- Chapter 14 lldp configuration 176 10
- Chapter 15 errp command configuration 179 10
- Chapter 16 cfm configuration 184 10
- Chapter 17 pppoe plus configuration 192 11
- Chapter 18 flex links configuration 195 11
- Chapter 19 efm configuration 198 11
- Chapter 20 poe function 207 12
- Chapter 21 mac authentication configuration 209 12
- 0 mac authentication max users 212 13
- Chapter 1 accessing switch 14
- Command line configuration mode 14
- Command line interface 14
- Command syntax comprehension 16
- History command 18
- Syntax help 18
- Command parameter categories 19
- Symbols in command 19
- Add user 20
- System default user name 20
- User management 20
- Modify password 21
- Modify privilege 21
- Remote authentication of administrator 22
- Remove user name 22
- View system user information 22
- Display authentication configuration 23
- Show tacacs 23
- Start radius tacacs remote authentication 23
- Tacacs remote server configuration 23
- Ways of managing switch 23
- Manage switch by hyper terminal 24
- Manage switch by telnet 25
- Chapter 2 port configuration 26
- Enter interface configuration mode 26
- Port configuration 26
- Port configuration introduction 26
- Port related configuration 26
- Configure interface duplex mode and speed rate 27
- Configure port control mode 27
- Enable disable specified interface 27
- Ingress egress bandwidth control configuration 28
- Interface description configuration 28
- Interface prioruty configuration 28
- Enable disable interface flow control 29
- Enable disable vlan filtration of receiving packet of interface 29
- Interface ingress acceptable frame configuration 29
- Port mode configuration 30
- The default vlan id of port configuration 30
- Add port to specified vlan 31
- Display interface information 31
- Brief introduction of interface mirror 32
- Display clear interface statistics information 32
- Interface mirror 32
- Interface mirror configuration 32
- Configure mirror interface 33
- Configure mirror source interface 33
- Display interface mirror 33
- Brief introduction of port convergence 34
- Delete all port and traffic mirror 34
- Port lacp convergent configuration 34
- Interface convergent configuration 36
- Brief introduction of interface car 38
- Interface car configuration 38
- Enable disable interface car on a port 39
- Enable disable interface globally 39
- Port car configuration command list 39
- Brief introduction of port alarm configuration 40
- Configure the port car rate 40
- Configure the reopen time of the port shutdown by port car 40
- Display port car information 40
- Port alarm configuration 40
- Configure the exceed threshold and normal threshold of port alarm 41
- Enable disable port alarm globally 41
- Enable disable port alarm on the port 41
- Port alarm configuration list 41
- Brief introduction of shutdown control 42
- Display port alarm 42
- Interface shutdown control configuration 42
- Configure shutdown control open time 43
- Interface shutdown control configuration list 43
- Shutdown control configuration 43
- Display shutdown control 44
- Recover shutdown control 44
- Brief introduction of vlan 45
- Chapter 3 vlan configuration 45
- Default vlan 45
- Vlan configuration 45
- Vlan configuration list 45
- Vlan interface type 45
- Add delete vlan interface 46
- Create delete vlan 46
- Specify restore vlan description 47
- Configure interface default vlan id 48
- Configure interface type 48
- Configure tag vlan 48
- Display vlan information 48
- Brief introduction of gvrp 49
- Gvrp configuration 49
- Gvrp configuration list 49
- Display gvrp 50
- Enable disable global gvrp 50
- Enable disable gvrp on a port 50
- Add delete vlan that can be dynamic learnt by gvrp 51
- Brief introduction of qinq 51
- Display vlan that can be learnt by gvrp 51
- Qinq configuration 51
- Qinq configuration list 51
- Configure global inner outer tpid 52
- Configure global qinq 52
- Configure qinq mode of interface 52
- Configure interface dynamic qinq 53
- Configure rewrite outer vlan 53
- Enable disable vlan swap 53
- Display dynamic qinq 54
- Display rewrite outer vlan 54
- Display vlan swap 54
- Configure mac based vlan table 55
- Configure protocol based vlan table 55
- Vlan extended properties 55
- N 1 vlan 56
- Vlan translate 56
- Brief introduction of l2 tunnel 57
- Configure qinq mode of interface 57
- Enable disable l2 tunnel 57
- L2 tunnel 57
- L2 tunnel configuration list 57
- Configure cancel l2 tunnel drop threshold 58
- Show l2 tunnel drop threshold 58
- Show port l2 tunnel status 58
- Brief introduction of vprb 59
- Configure delete vprb port backup 59
- Show vprb 59
- Vprb configuration list 59
- Example show vprb qtech config show vprb 60
- Brief introduction of dhcp 61
- Chapter 4 dhcp configuration 61
- Dhcp configuration 61
- Dhcp configuration list 61
- Enable dhcp relay 61
- Support relay option82 62
- Configure ip source guard 64
- Configure max host number 64
- Configure trust ports 64
- Dhcp snooping 64
- Enable dhcp snooping 64
- Ip source guard bind 64
- N 1 vlan 65
- Show dhcp snooping configuration of ports 65
- Show dhcp snooping configuration of vlans 65
- Show information of clients 65
- Brief introduction of gmrp 66
- Chapter 5 multicast protocol configuration 66
- Enable disable global gmrp 66
- Gmrp configuration 66
- Gmrp configuration list 66
- Add delete multicast that can be dynamic learnt by gmrp 67
- Display gmrp 67
- Enable disable gmrp on a port 67
- Brief introduction of igmp snooping 68
- Display multicast that can be learnt by gmrp 68
- Igmp snooping configuration 68
- Igmp snooping interface fast leave configuration 69
- Igmp snooping max response time configuration 69
- Igmp snooping multicast interface aging time configuration 69
- Configure the number of the multicast group allowed learning 70
- Igmp snooping permit deny group configuration 70
- Igmp snooping route port forward configuration 70
- Configure igmp snooping querier vlan 71
- Configure igmp snooping query interval 71
- Enable disable igmp snooping querier 71
- Configure igmp snooping query max response 72
- Configure igmp snooping query source ip 72
- Configure igmp snooping route port aging 72
- Add igmp snooping route port 73
- Configure igmp snooping multicast vlan 73
- Enable disable igmp snooping preview 73
- Igmp snooping multicast preview group configuration 74
- Igmp snooping preview parameter 74
- Display igmp snooping multicast preview 75
- Igmp snooping profile 75
- Igmp snooping profile configuration 75
- Igmp snooping profile refer configuration 76
- Igmp snooping drop query 77
- Igmp snooping record host 77
- Show igmp snooping profile 77
- Igmp snooping drop report 78
- Show igmp snooping record host 78
- Show multicast interface 78
- Mld snooping configuration 79
- Mld snooping protocol overview 79
- Mld snooping fast leave 80
- Mld snooping host aging time 80
- Mld snooping max learnt multicast number 80
- Mld snooping max response time 80
- Configure mld snooping route port forward 81
- Enable disable mld snooping querier 81
- Mld snooping permit deny group 81
- Configure mld snooping max response time 82
- Configure mld snooping querier sending interval 82
- Configure mld snooping router port aging 82
- Add mld snooping router port 83
- Display mld snooping group 83
- Mld snooping multicast vlan 83
- Add interfaces to multicast group 84
- Brief introduction of static multicast 84
- Create multicast group 84
- Static multicast configuration 84
- Static multicast configuration list 84
- Delete interface members from multicast group 85
- Display multicast group information 85
- Delete multicast group 86
- Brief introduction of acl 87
- Chapter 6 acl configuration 87
- Introduction of acl 87
- Matching order configuration 87
- Acl configuration 88
- Acl support 88
- Configuration list 88
- Configure time range 89
- Define acl 90
- Activate acl 94
- Ipv6 acl key mode 94
- Monitor and maintanence of acl 95
- Brief introduction of qos 96
- Chapter 7 qos configuration 96
- Flow monitor 99
- Qos configuration 99
- Qos configuration list 99
- Interface line rate 100
- Packet redirection configuration 100
- Priority configuration 101
- Queue scheduler configuration 101
- Configure the mapping relationship between dscp and 8 priority in ieee 802 p 102
- Flow mirror configuration 102
- The cos map relationship of hardware priority queue and priority of ieee802 p protocol 102
- Copy packet to cpu 103
- Flow statistic configuration 103
- Traffic insert vlan configuration 104
- Traffic rewrite vlan configuration 104
- Bandwidth ingress 105
- Monitor and maintenance of qos 105
- Configuration example of qacl 106
- Use qacl to realize user isolation 106
- Use qacl to realize bandwidth control 109
- Use qacl to realize deny all packet expect 110
- Brief introduction of port isolation 111
- Port isolation 111
- Use qacl to prevent virus 111
- Port isolation configuration 112
- Brief introduction of strom control 113
- Strom control 113
- Brief introduction of stp configuration 114
- Chapter 8 stp configuration command 114
- Stp configuration command 114
- Stp configuration list 114
- Configure stp mode 115
- Enable disable interface stp 115
- Enable disable stp 115
- Configure stp priority 116
- Configure switch forward delay 116
- Configure hello time features 117
- Configure max age 117
- Configure interface to force to send rstp packet 118
- Configure path cost of specified interfaces 118
- Configure stp priority od specified port 118
- Configure link type of specified interface 119
- Configure the current port as an edge port 119
- Configure the speed limit of sending bpdu of specified interface 120
- Enable disable stp remote loop detect 120
- Stp monitor and maintainenance 120
- Brief introduction of mstp 121
- Mstp configuration 121
- Mstp configuration list 121
- Configure mstp configuration mark 122
- Configure timer value of mstp 122
- Configure edge interface status of mstp interface 123
- Configure mstp interface link type 123
- Configure mstp interface path cost 123
- Configure mstp net bridge privilege 123
- Configure mstp interface privilege 124
- Display mstp configuration information 124
- Aaa configuration mode 125
- Brief introduction of 802 x configuration 125
- Chapter 9 802 x configuration command 125
- X configuration 125
- Radius server configuration 126
- Domain configuration 128
- Configure local user 129
- X configuration 130
- Brief introduction of sntp protocol 133
- Chapter 10 sntp client configuration 133
- Enable disable sntp client 133
- Sntp client configuration 133
- Sntp client broadcast delay configuration 134
- Sntp client unicast server configuration 134
- Sntp client working mode configuration 134
- Sntp client multicast ttl configuration 135
- Sntp client poll interval configuration 135
- Sntp client retransmit configuration 135
- Sntp client md5 authentication configuration 136
- Sntp client valid server configuration 136
- 0 summer time configuration for sntp client 137
- Brief introduction of syslog 138
- Chapter 11 syslog configiration 138
- Syslog configiration 138
- Enable disable syslog 139
- Syslog sequence number configuration 139
- Syslog time stamps configuration 139
- Syslog logging buffered outputting configuration 140
- Syslog terminal outputting configuration 140
- Syslog flash storage outputting configuration 141
- Syslog logging host outputting configuration 141
- Module debug configuration 143
- Syslog snmp agent outputting configuration 143
- Enable debug of module vlan 144
- Qtech config debug vlan 144
- Brief introduction of ssh 145
- Chapter 12 ssh configuration 145
- Enable disable ssh function of the device 145
- Ssh configuration 145
- Ssh key configuration 145
- Others 147
- Chapter 13 switch manage and maintenance 148
- Configuration files management 148
- Edit configuration files 148
- Erase configuration 148
- Modify and save current configuration 148
- Save minmum manageable configuration of network administration 148
- Display saved configuration 149
- Execute saved configuration 149
- Configure file executing mode shift 150
- Online loading upgrade program 150
- Upload and download files by tftp 150
- Upload and download files by ftp 151
- Brief introduction of mac address table management 152
- Download files by xmodem 152
- Facility management 152
- Mac address table management 152
- Configure system mac address aging time 153
- Mac address table management list 153
- Configure mac address item 154
- Enable disable mac address learning 155
- Configure the number of port mac address allowed learning 156
- Modify mac address learning mode 156
- Reboot 156
- Basic configuration and management 157
- System maintenance 157
- Use show command to check system information 157
- Network connecting test command 158
- Loopback test command 159
- Vct test command 159
- Administration ip address restriction 160
- The number of telnet user restriction 160
- Cpu car command 161
- Routing tracert command 161
- Brief introduction of snmp 162
- Configuration 162
- Monitor system by snmp 162
- Configure community 163
- Configure syscontact 163
- Configure trap destination host adress 164
- Configure notify 165
- Configure syslocation 165
- Configure sysname 165
- Configure engine id 166
- Configure trap sending source address 166
- Configure view 167
- 0 configure group 168
- 1 configure user 169
- Enable disable dlf forword packet 170
- Enable disable dropping bpdu packet 171
- Enable disable source dlf forward 171
- Telnet client 171
- Brief introduction of cpu alarm configuration 172
- Configure cpu busy or unbusy threshold 172
- Cpu alarm configuration 172
- Cpu alarm configuration list 172
- Enable disable cpu alarm 172
- Configure enable disable mailalarm 173
- Configure mailalarm server 173
- Display cpu alarm information 173
- Mail alarm configuration 173
- Configure enable disable mailalarm smtp authentication 174
- Configure mailalarm ccaddr 174
- Configure mailalarm logging level 174
- Configure mailalarm receiver 174
- Anti dos attack 175
- Enable disable global ttl 175
- Ip segment anti attack 175
- Brief introduction of lldp protocol 176
- Chapter 14 lldp configuration 176
- Enable disable global lldp 176
- Lldp configuration 176
- Lldp configuration list 176
- Configure lldp hello time 177
- Configure lldp hold time 177
- Interface lldp packet receiving sending mode configuration 177
- Display lldp information 178
- Brief introduction of errp 179
- Chapter 15 errp command configuration 179
- Errp configuration 179
- Errp configuration list 179
- Configure errp domain working mode 180
- Configure errp timer 180
- Enter errp configuration mode 180
- Configure control vlan of errp domain 181
- Create errp ring 181
- Display errp domain and ring information 182
- Enable disable errp ring 182
- 0 errp query solicitation 183
- Brief introduction of cfm 184
- Cfm configuration 184
- Cfm configuration list 184
- Chapter 16 cfm configuration 184
- Create delete md 184
- Configure md parameter 185
- Create delete ma 185
- Configure ma parameter 186
- Create delete mep 186
- Create delete rmep 187
- Create delete mip 188
- Loopback 188
- 0 linktrace 189
- 1 show md 189
- 2 show ma 189
- 3 show mp mep mip rmep 190
- 4 show clear ccm statistics 190
- 5 show clear ccm database 190
- 6 show cfm error 191
- Brief introduction of pppoe plus 192
- Chapter 17 pppoe plus configuration 192
- Enable disable pppoe plus 192
- Pppoe plus configuration 192
- Pppoe plus configuration list 192
- Configure pppoe plus type 193
- Configure pppoe port type 193
- Configure remote id 193
- Configure remote id format 193
- Self defined circuit id 193
- Configure pppoe plus vendor specific tag overwrite 194
- Brief introduction of flex links 195
- Chapter 18 flex links configuration 195
- Enable or disable flex links of interface or convergent interface 195
- Flex links configuration 195
- Flex links configuration list 195
- Configure flex links preemption mode 196
- Configure flex links preemption mode delay 196
- Disaply flex links information 196
- Configure macmoveupdate of flex links 197
- Chapter 19 efm configuration 198
- Efm configuration 198
- Efm configuration list 198
- Efm overview 198
- Enable disable efm 198
- Configure efm pdu timeout 199
- Configure efm working mode 199
- Configure link monitoring 200
- Configure link timeout 200
- Configure response timeout 200
- Enable disable link monitoring 202
- Enable disable remote failure indication 202
- 0 enable disable remote mib variable obtaining 203
- 1 enable disable remote loopback 203
- 2 enable stop remote loopback 203
- 3 configure handling remote loopback querying packet 204
- 4 show efm status 204
- 5 show efm info 204
- 6 show efm discovery 205
- 7 show clear efm statistics 205
- 8 show remote mib 206
- Chapter 20 poe function 207
- Configure global max power 207
- Enable disable port poe 207
- Poe configuration 207
- Poe configuration list 207
- Poe overview 207
- Configure interface max power 208
- Configure port poe priority 208
- Show poe configuration 208
- Aaa authentication domain configuration 209
- Chapter 21 mac authentication configuration 209
- Mac authentication configuration 209
- Mac authentication configuration list 209
- Mac authentication overview 209
- Mac authentication user name format 209
- Enable disable mac authentication 210
- Mac authentication timer offline detect 210
- Radius authentication configuration 210
- Guest vlan 211
- Mac authentication timer quiet 211
- Mac vlan 211
- 0 mac authentication max users 212
Похожие устройства
- Qtech QSW-2910-28T-AC Инструкция по установке
- Qtech QSW-2910-28T-AC Руководство пользователя
- Qtech QSW-2910-28T-POE-AC/DC Инструкция по установке
- Qtech QSW-2910-28T-POE-AC/DC Руководство пользователя
- Qtech QSW-2910-28F-AC Инструкция по установке
- Qtech QSW-2910-28F-AC Руководство пользователя
- Qtech QSW-2910-52T-AC Инструкция по установке
- Qtech QSW-2910-52T-AC Руководство пользователя
- Qtech QSW-2910-52T-POE-AC Инструкция по установке
- Qtech QSW-2910-52T-POE-AC Руководство пользователя
- Qtech QSW-2900-24T-AC Руководство пользователя
- Qtech QSW-2900-24F-AC Руководство пользователя
- Qtech QSW-2900-24T4-AC Руководство пользователя
- Qtech QSW-3410-10T-POE-AC Руководство пользователя
- Qtech QSW-3470-28T-POE-AC Руководство пользователя
- Qtech QSW-3470-28T-AC Руководство пользователя
- Qtech QSW-3000-28T-AC (QSW-3000 Rev.B1) Руководство пользователя
- Qtech QSW-3000-28T-AC (QSW-3000 Rev.B1) Руководствоо администратора
- Qtech QSW-3000-10T Руководство пользователя
- Qtech QSW-3000-10T Руководствоо администратора