![Qtech QSW-3200-28T [57/136] Brief introduction of acl](/img/pdf.png)
Qtech QSW-3200-28T [57/136] Brief introduction of acl
![Qtech QSW-3200-28T [57/136] Brief introduction of acl](/views2/1596594/page57/bg39.png)
+7(495) 797-3311www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
46
Chapter 7 ACL CONFIGURATION
7.1 Brief introduction of ACL
7.1.1 Introduction of ACL
In order to filtrate data packet, it needs configuring a series of matching rules to recognize the
object which needs filtration. After recognizing special object, it can configure to permit or deny
corresponded data packet passing according to the scheduled strategy. Access Control List
(ACL) is used to realize this function.
ACL can classifies data packet according to a series of matching condition which can be
source address, destination address and interface number. Switch detects data packet
according to the specified condition of ACL to determine to transmit or drop.
Data packet matching rules defined by ACL can be introduced to other situation which needs
distinguish flow, such as the flow classification in QoS.
7.1.2 Matching order configuration
An ACL rule consists of many «permit | deny» syntax, and the range of data packet specified
by each syntax is different. When matching a data packet and ACL rule, there should be order.
Use following command to configure ACL matching order:
access-list access-list-number match-order { config | auto }
Parameter:
access-list-number: the number of ACL rule which is in the range of 1 to 399.
config: Specify user configured order when matching this rule.
auto: Specify auto-sequencing when matching this rule. (according to the deep precedency) It
is defaulted to specify user configured order, that is «config» . Once user configures the
matching order of an ACL rule, it cannot be changed unless delete the content of the rule and
re-configure its order.
The deep precedency used by auto means locating the syntax with the smallest data range at
the end, which can be realized by comparing address wildcard. The smaller the wildcard value
is, the smaller range the host has. For example, 192.168.3.1 0 specifies a host:
192.168.3.1,while 192.168.3.1 0.0.255.255 specifies a network interface: 192.168.3.1
~192.168.255.255. The former is before the latter in ACL. The concrete rule is: For standard
ACL syntax, compare source address wildcard, if their wildcard is the same, use config order;
for layer 2 ACL, the rule with «any» is in the front, others use config order; for extended ACL,
compare source address wildcard, if they are the same, compare destination address wildcard,
if they are the same, compare interface number range, the smaller is in the back, if the
interface number range is the same, use config order; for user-defained ACL, compare the
length of mask, the longer is in the back, if they are the same, use config order.
7.1.3 ACL support
ACL can be classified as following:
ACL is the command control list applied to switch. These command is used to tell switch which
data packet to receive and which to refuse. It consists of a series of judging syntax. After
activating an ACL, switch will examine each data packet entering switch according to the
judging condition given by ACL. The one which satisfies the ACL will be permit or dropped
according to ACL. QOS introduces the permit rule configuration.
Содержание
- Интеллектуальные коммутаторы уровня доступа и агрегации 1
- Серия qsw 3200 1
- Техническое описание 1
- Content 2
- Chapter 1 accessing switch 12
- Command line configuration mode 12
- Command line interface 12
- Command syntax comprehension 14
- Syntax help 15
- Command parameter categories 16
- History command 16
- Symbols in command 16
- Add user 17
- System default user name 17
- User management 17
- Modify password 18
- Modify privilege 18
- Display authentication configuration 19
- Remote authentication of administrator 19
- Remove user name 19
- Start radius remote authentication 19
- View system user information 19
- Ways of managing switch 19
- Manage switch by hyper terminal 20
- Manage switch by telnet 20
- Chapter 2 port configuration 22
- Enter interface configuration mode 22
- Port configuration 22
- Port configuration introduction 22
- Port related configuration 22
- Configure interface duplex mode and speed rate 23
- Enable disable specified interface 23
- Interface prioruty configuration 23
- Enable disable interface flow control 24
- Enable disable vlan filtration of receiving packet of interface 24
- Interface description configuration 24
- Interface ingress acceptable frame configuration 24
- Configure interface combo type 25
- Port mode configuration 25
- The default vlan id of trunk port configuration 25
- Trunk allowed vlan configuration 25
- Add access interface to specified vlan 26
- Display clear interface statistics information 26
- Display interface information 26
- Brief introduction of interface mirror 27
- Interface mirror configuration 27
- Port mirroring 27
- Brief introduction of port convergence 28
- Port lacp convergent configuration 28
- Interface convergent configuration 29
- Brief introduction of interface car 31
- Enable disable interface car on a port 31
- Enable disable interface globally 31
- Interface car configuration 31
- Port car configuration command list 31
- Brief introduction of port alarm configuration 32
- Configure the port car rate 32
- Configure the reopen time of the port shutdown by port car 32
- Display port car information 32
- Port alarm configuration 32
- Port alarm configuration list 32
- Configure the exceed threshold and normal threshold of port alarm 33
- Display port alarm 33
- Enable disable port alarm globally 33
- Enable disable port alarm on the port 33
- Brief introduction of shutdown control 34
- Configure shutdown control open time 34
- Display shutdown control 34
- Interface shutdown control configuration 34
- Interface shutdown control configuration list 34
- Shutdown control configuration 34
- Example display interface shutdown control information qtech config show shutdown control 35
- Brief introduction of vlan 36
- Chapter 3 vlan configuration 36
- Default vlan 36
- Vlan interface type 36
- Add delete vlan interface 37
- Vlan configuration 37
- Vlan configuration list 37
- Vlan create delete vlan 37
- Configure interface default vlan id 38
- Configure interface type 38
- Specify restore vlan description 38
- Brief introduction of gvrp 39
- Configure tag vlan 39
- Display vlan information 39
- Gvrp configuration 39
- Display gvrp 40
- Enable disable global gvrp 40
- Enable disable gvrp on a port 40
- Gvrp configuration list 40
- Add delete vlan that can be dynamic learnt by gvrp 41
- Brief introduction of qinq 41
- Configure global qinq 41
- Display vlan that can be learnt by gvrp 41
- Examples for gvrp configuration 41
- Qinq configuration 41
- Qinq configuration list 41
- Configure qinq mode of interface 42
- Arp configuration 43
- Arp configuration list 43
- Brief introduction of arp 43
- Chapter 4 arp configuration 43
- Delete arp table item 43
- Display arp 43
- Brief introduction of gmrp 44
- Chapter 5 multicast protocol 44
- Chapter 5 multicast protocol configuration 44
- Configuration 44
- Enable disable global gmrp 44
- Enable disable gmrp on a port 44
- Gmrp configuration 44
- Gmrp configuration list 44
- Add delete multicast that can be dynamic learnt by gmrp 45
- Brief introduction of igmp snooping 45
- Display gmrp 45
- Display multicast that can be learnt by gmrp 45
- Igmp snooping configuration 45
- Igmp snooping interface fast leave configuration 46
- Igmp snooping max response time configuration 46
- Igmp snooping multicast interface aging time configuration 46
- Configure the number of the multicast group allowed learning 47
- Enable disable igmp snooping querier 47
- Igmp snooping permit deny group configuration 47
- Igmp snooping route port forward configuration 47
- Configure igmp snooping querier vlan 48
- Configure igmp snooping query interval 48
- Configure igmp snooping query max response 48
- Configure igmp snooping query source ip 48
- Configure igmp snooping route port aging 48
- Add igmp snooping route port 49
- Enable disable igmp snooping preview 49
- Igmp snooping multicast vlan configuration 49
- Igmp snooping preview parameter 49
- Display igmp snooping multicast preview 50
- Igmp snooping multicast preview group configuration 50
- Brief introduction of static multicast 51
- Static multicast configuration 51
- Brief introduction of cross vlan multicast 52
- Cross vlan multicast configuration 52
- Brief introduction 54
- Chapter 6 dhcp configuration 54
- Configre dhcp servers for each vlan 54
- Dhcp configuration 54
- Dhcp configuration list 54
- Enable dhcp relay 54
- Configure ip source guard 55
- Configure max client number 55
- Configure trust interface 55
- Dhcp snooping 55
- Enable the function 55
- Display configuration 56
- Display user s information 56
- Show dhcp snooping configuration of vlans 56
- Acl support 57
- Brief introduction of acl 57
- Chapter 7 acl configuration 57
- Introduction of acl 57
- Matching order configuration 57
- Acl configuration 58
- Configuration list 58
- Configure time range 58
- Define acl 59
- Activate acl 64
- Monitor and maintanence of acl 64
- Brief introduction of qos 65
- Chapter 8 qos configuration 65
- Qos configuration 67
- Qos configuration list 67
- Queue scheduler configuration 67
- The cos map relationship of hardware priority queue and priority of ieee802 p protocol 67
- Brief introduction of port isolation 68
- Port isolation 68
- Port isolation configuration 68
- Qos monitoring and maintenance 68
- Brief introduction of strom control 69
- Strom control 69
- Strom control configuration 69
- Brief introduction of stp configuration 70
- Chapter 9 stp configuration 70
- Enable disable stp 70
- Stp configuration 70
- Stp configuration list 70
- Configure stp mode 71
- Configure stp priority 71
- Enable disable interface stp 71
- Configure hello time 72
- Configure max age 72
- Configure switch forward delay 72
- Configure interface to force to send rstp packet 73
- Configure path cost of specified interfaces 73
- Configure stp priority od specified port 73
- Configure link type of specified interface 74
- Configure the current port as an edge port 74
- Configure the speed limit of sending bpdu of specified interface 74
- Stp monitor and maintainenance 74
- Brief introduction of mstp 75
- Enable disable stp remote loop detect 75
- Mstp configuration 75
- Mstp configuration list 75
- Configure mstp configuration mark 76
- Configure mstp net bridge privilege 76
- Configure timer value of mstp 76
- Configure edge interface status of mstp interface 77
- Configure mstp interface link type 77
- Configure mstp interface path cost 77
- Configure mstp interface privilege 77
- Configure ignore of vlan 78
- Configure spanning tree mst root guard 78
- Display mstp configuration information 78
- Enable disable digest snooping 78
- 802 x configuration 80
- Aaa configuration mode 80
- Brief introduction of 802 x configuration 80
- Chapter 10 802 x configuration 80
- Chapter 10 802 x configuration command 80
- Command 80
- Radius server configuration 80
- Domain configuration 82
- 802 x configuration 83
- Brief introduction of sntp protocol 85
- Chapter 11 sntp client configuration 85
- Enable disable sntp client 85
- Sntp client configuration 85
- Sntp client working mode configuration 85
- Sntp client broadcast delay configuration 86
- Sntp client multicast ttl configuration 86
- Sntp client poll interval configuration 86
- Sntp client unicast server configuration 86
- Sntp client md5 authentication configuration 87
- Sntp client retransmit configuration 87
- Sntp client valid server configuration 87
- Brief introduction of syslog 88
- Chapter 12 syslog configiration 88
- Syslog configiration 88
- Enable disable syslog 89
- Syslog sequence number configuration 89
- Syslog terminal outputting configuration 89
- Syslog time stamps configuration 89
- Syslog flash storage outputting configuration 90
- Syslog logging buffered outputting configuration 90
- Syslog logging host outputting configuration 91
- Module debug configuration 92
- Syslog snmp agent outputting configuration 92
- Brief introduction of ssh 93
- Chapter 13 ssh configuration 93
- Enable disable ssh function of the device 93
- Ssh configuration 93
- Ssh key configuration 93
- Others 94
- Chapter 14 switch manage and 95
- Chapter 14 switch manage and maintenance 95
- Configuration files management 95
- Display saved configuration 95
- Edit configuration files 95
- Erase configuration 95
- Execute saved configuration 95
- Maintenance 95
- Modify and save current configuration 95
- Configure file executing mode shift 96
- Display current configuration 96
- Online loading upgrade program 96
- Upload and download files by tftp 96
- Upload and download files by ftp 97
- Download files by xmodem 98
- Facility management 98
- Mac address table management 98
- Basic configuration and management 101
- Reboot 101
- System maintenance 101
- Use show command to check system information 101
- Network connecting test command 102
- Administration ip address restriction 103
- Loopback test command 103
- Cpu car command 104
- Routing tracert command 104
- The number of telnet user restriction 104
- Brief introduction of snmp 105
- Configuration 105
- Monitor system by snmp 105
- System ip configuration 110
- Configuration ip address by manual operation 111
- Configure and manage vlan 111
- Examples for ip address configuration 111
- Brief introduction of cpu alarm configuration 112
- Cpu alarm configuration 112
- Display ip address 112
- Enable disable dlf forword packet 112
- Anti dos attack 113
- Configure cpu busy or unbusy threshold 113
- Cpu alarm configuration list 113
- Display cpu alarm information 113
- Enable disable cpu alarm 113
- Ip segment anti attack 113
- Brief introduction of lldp protocol 115
- Chapter 15 lldp configuration 115
- Configure lldp hello time 115
- Enable disable global lldp 115
- Lldp configuration 115
- Lldp configuration list 115
- Configure lldp hold time 116
- Display lldp information 116
- Interface lldp packet receiving sending mode configuration 116
- Brief introduction of errp 118
- Chapter 16 errp command configuration 118
- Configure errp timer 118
- Errp configuration 118
- Errp configuration list 118
- Configure control vlan of errp domain 119
- Create errp ring 119
- Enter errp configuration mode 119
- Display errp domain and ring information 120
- Enable disable errp ring 120
- Brief introduction of pppoe plus 121
- Chapter 17 pppoe plus configuration 121
- Configure pppoe plus type 121
- Enable disable pppoe plus 121
- Pppoe plus configuration 121
- Pppoe plus configuration list 121
- Brief introduction of cfm 122
- Cfm configuration 122
- Cfm configuration list 122
- Chapter 18 cfm configuration 122
- Configure cfm domain 122
- Configure cfm mep level 122
- Configure cfm cc interval 123
- Configure cfm mip level 123
- Configure remote cfm rmep level 123
- Cfm ping 124
- Enable disable vlan sending cfm cc enable level 124
- 0 display cfm domain 125
- 1 display cfm maintenance points local 125
- Cfm traceroute 125
- 2 display cfm maintenance points remote 126
- 3 display cfm cc database 126
- 4 display cfm errors 126
- Brief introduction of flex links 127
- Chapter 19 flex links configuration 127
- Configure flex links preemption mode 127
- Enable or disable flex links of interface or convergent interface 127
- Flex links configuration 127
- Flex links configuration list 127
- Configure flex links preemption mode delay 128
- Configure macmoveupdate of flex links 128
- Disaply flex links information 128
- Chapter 20 efm configuration 130
- Configure efm working mode 130
- Efm configuration 130
- Efm configuration list 130
- Efm overview 130
- Enable disable efm 130
- Configure efm pdu timeout 131
- Configure link timeout 131
- Configure response timeout 131
- Configure link monitoring 132
- 0 enable disable remote mib variable obtaining 133
- 1 enable disable remote loopback 133
- Enable disable link monitoring 133
- Enable disable remote failure indication 133
- 2 enable stop remote loopback 134
- 3 configure handling remote loopback querying packet 134
- 4 show efm status 134
- 5 show efm info 135
- 6 show efm discovery 135
- 7 show clear efm statistics 135
- 8 show remote mib 136
Похожие устройства
- Qtech QSW-3200-28T Техническое описание
- Qtech QSW-3200-28FC Руководство пользователя
- Qtech QSW-3200-28FC Техническое описание
- Qtech QSW-3900-24-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-24-Т-AC Руководство пользователя v1-7
- Qtech QSW-3900-24-Т-AC Руководство пользователя
- Qtech QSW-3900-48-SFP-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-SFP-AC Руководство пользователя v1-7
- Qtech QSW-3900-48-SFP-AC Руководство пользователя
- Qtech QSW-3900-48-SFP-DC Руководство пользователя v1-1
- Qtech QSW-3900-48-SFP-DC Руководство пользователя v1-7
- Qtech QSW-3900-48-SFP-DC Руководство пользователя
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-7
- Qtech QSW-3900-48-Т-AC Руководство пользователя
- Qtech QSW-3900-48-Т-DC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-DC Руководство пользователя v1-7
- Qtech QSW-3900-48-Т-DC Руководство пользователя
- Qtech QSW-3900-24-SFP-AC Руководство пользователя v1-1
- Qtech QSW-3900-24-SFP-AC Руководство пользователя v1-7