![Qtech QSW-8200-52T-AC [13/114] Access list mac ip extended](/img/pdf.png)
Qtech QSW-8200-52T-AC [13/114] Access list mac ip extended
![Qtech QSW-8200-52T-AC [13/114] Access list mac ip extended](/views2/1596645/page13/bgd.png)
User Manual
Chapter 1. Commands for ACL 13
www.qtech.ru
Functions: Define an extended numeric MAC ACL rule, “no access-list <num>”
command deletes an extended numeric MAC access-list rule.
Parameters: <num> is the access-list No. which is a decimal’s No. from 1100-1199;
deny if rules are matching, deny access; permit if rules are matching, permit access;
<any-source-mac> any source address; <any-destination-mac> any destination
address; <host_smac>, <smac> source MAC address; <smac-mask> mask (reverse
mask) of source MAC address; <host_dmac> , <dmac> destination MAC address;
<dmac-mask> mask (reverse mask) of destination MAC address; untagged-eth2 format
of untagged ethernet II packet; tagged-eth2 format of tagged ethernet II packet;
untagged-802-3 format of untagged ethernet 802.3 packet; tagged-802-3 format of
tagged ethernet 802.3 packet. Offset(x) the offset from the packet head, the range is
(12-79), the windows must start from the back of source MAC, and the windows cannot
superpose each other, and that is to say: Offset(x+1) must be longer than Offset(x)+
len(x); Length(x) length is 1-4, and Offset(x)+Length(x) should not be longer than
80(currently should not be longer than 64); Value(x) hex expression, Value range:
when Length(x) =1, it is 0-ff, when Length(x) =2, it is 0-ffff , when Length(x) =3, it is0-
ffffff, when Length(x) =4, it is 0-ffffffff ;
For Offset(x), different types of data frames are with different value ranges:
for untagged-eth2 type frame: <12~75>
for untagged-802.2 type frame: <20~75>
for untagged-eth2 type frame: <12~79>
for untagged-eth2 type frame: <12~15> <24~79>
Command Mode: Global mode
Default Configuration: No access-list configured
Usage Guide: When the user assign specific <num> for the first time, ACL of the serial
number is created, then the lists are added into this ACL.
Examples: Permit tagged-eth2 with any source MAC addresses and any destination
MAC addresses and the packets whose 17th and 18th byte is 0x08, 0x0 to pass.
Switch(config)#access-list 1100 permit any-source-mac any-destination-mac tagged-
eth2 16 2 0800
1.7 access-list(mac-ip extended)
Command:
access-list<num>{deny|permit}{any-source-mac| {host-source-
mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-
mac <host_dmac>}|{<dmac><dmac-mask>}}icmp {{<source><source-wildcard>}|any-
source|{host-source<source-host-ip>}} {{<destination><destination-wildcard>}|any-
destination| {host-destination<destination-host-ip>}}[<icmp-type> [<icmp-code>]]
[precedence <precedence>] [tos <tos>][time-range<time-range-name>]
access-list<num>{deny|permit}{any-source-mac| {host-source-
mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-
Содержание
- Content 2
- Chapter 11 commands for savi 99 7
- Commands for monitor and debug 105 7
- Commands for savi 99 7
- Pppoe intermediate agent trust 93 7
- Pppoe intermediate agent type self defined circuit id 94 7
- Pppoe intermediate agent type self defined remoteid 94 7
- Pppoe intermediate agent type tr 101 circuit id access node id 95 7
- Pppoe intermediate agent type tr 101 circuit id identifier string option delimiter 95 7
- Pppoe intermediate agent vendor tag strip 96 7
- Show pppoe intermediate agent access node id 97 7
- Show pppoe intermediate agent identifier string option delimiter 97 7
- Show pppoe intermediate agent info 97 7
- Absolute periodic periodic 9
- Chapter 1 commands for acl 9
- Absolute start 10
- Access list deny preemption 10
- Access list ip extended 10
- Access list ip standard 12
- Access list mac extended 12
- Access list mac ip extended 13
- Access list mac standard 15
- Clear access group in out statistic interface 16
- Firewall 16
- Firewall default 16
- Ip access extended 16
- Ip access standard 17
- Ipv6 access list 17
- Ipv6 access standard 18
- Ip ipv6 mac mac ip access group 19
- Ipv6 access extended 19
- Ip ipv6 mac mac ip access group interface mode 20
- Mac access extended 20
- Mac ip access extended 21
- Permit deny ip extended 21
- Permit deny ip standard 22
- Permit deny ipv6 extended 23
- Permit deny ipv6 standard 24
- Permit deny mac extended 24
- Permit deny mac ip extended 26
- Show access lists 28
- Show access group 29
- Show firewall 30
- Show ipv6 access lists 30
- Show time range 31
- Time range 31
- Chapter 2 commands for 802 x 33
- Debug dot1x detail 33
- Debug dot1x error 33
- Debug dot1x fsm 34
- Debug dot1x packet 34
- Dot1x accept mac 35
- Dot1x eapor enable 35
- Dot1x enable 36
- Dot1x guest vlan 36
- Dot1x ipv6 passthrough 36
- Dot1x macbased guest vlan 37
- Dot1x macfilter enable 37
- Dot1x macbased port down flush 38
- Dot1x max req 38
- Dot1x user allow movement 39
- Dot1x user free resource 39
- Dot1x max user macbased 40
- Dot1x max user userbased 40
- Dot1x port control 41
- Dot1x portbased mode single mode 41
- Dot1x port method 42
- Dot1x privateclient enable 42
- Dot1x privateclient protect enable 43
- Dot1x re authenticate 43
- Dot1x re authentication 43
- Dot1x timeout quiet period 44
- Dot1x timeout re authperiod 44
- Dot1x timeout tx period 45
- Dot1x unicast enable 45
- Dot1x web authentication enable 45
- Dot1x web authentication ipv6 passthrough 45
- Dot1x web redirect 46
- Dot1x web redirect enable 46
- Show dot1x 46
- User control limit ipv4 48
- User control limit ipv6 48
- Chapter 3 commands for the number limitation 50
- Debug ip arp count 50
- Debug ipv6 nd count 50
- Function of mac and ip in port vlan 50
- Debug switchport arp count 51
- Debug switchport mac count 51
- Debug switchport nd count 52
- Debug vlan mac count 52
- Ip arp dynamic maximum 53
- Ipv6 nd dynamic maximum 53
- Mac address query timeout 54
- Show arp dynamic count 54
- Show mac address dynamic count 55
- Show nd dynamic count 55
- Switchport arp dynamic maximum 56
- Switchport mac address dynamic maximum 56
- Switchport mac address violation 57
- Switchport nd dynamic maximum 58
- Vlan mac address dynamic maximum 58
- Am enable 60
- Am ip pool 60
- Am port 60
- Chapter 4 commands for am configuration 60
- Am mac ip pool 61
- No am all 61
- Show am 61
- Aaa accounting enable 63
- Aaa accounting update 63
- Aaa enable 63
- Chapter 5 commands for radius 63
- Debug aaa detail attribute 64
- Debug aaa packet 64
- Debug aaa detail connection 65
- Debug aaa detail event 65
- Debug aaa error 65
- Radius nas ipv4 66
- Radius nas ipv6 66
- Radius server accounting host 67
- Radius server authentication host 68
- Radius server dead time 69
- Radius server key 69
- Radius server retransmit 69
- Radius server accounting interim update timeout 70
- Radius server timeout 70
- Show aaa authenticated user 71
- Show aaa authenticating user 72
- Show aaa config 72
- Show radius authenticated user count 73
- Show radius authenticating user count 73
- Show radius count 74
- Chapter 6 commands for ssl configuration 75
- Ip http secure ciphersuite 75
- Ip http secure port 75
- Ip http secure server 75
- Debug ssl 76
- Show ip http secure server status 76
- Chapter 7 commands for ipv6 security ra 77
- Ipv6 security ra enable 77
- Show ipv6 security ra 77
- Debug ipv6 security ra 78
- Chapter 8 commands for vlan acl 79
- Clear vacl statistic vlan 79
- Show vacl vlan 79
- Vacl ip access group 81
- Vacl ipv6 access group 81
- Vacl mac access group 82
- Vacl mac ip access group 82
- Authentication mab 83
- Chapter 9 commands for mab 83
- Clear mac authentication bypass binding 83
- Debug mac authentication bypass 84
- Mac authentication bypass binding limit 84
- Mac authentication bypass enable 84
- Mac authentication bypass guest vlan 85
- Mac authentication bypass spoofing garp check 85
- Mac authentication bypass timeout linkup period 85
- Mac authentication bypass timeout offline detect 86
- Mac authentication bypass timeout quiet period 86
- Mac authentication bypass timeout reauth period 87
- Mac authentication bypass timeout stale period 87
- Mac authentication bypass username format 87
- Show mac authentication bypass 88
- Chapter 10 commands for pppoe intermediate agent 91
- Debug pppoe intermediate agent packet receive send interface 91
- Pppoe intermediate agent 91
- Pppoe intermediate agent circuit id 92
- Pppoe intermediate agent delimiter 92
- Pppoe intermediate agent port 92
- Pppoe intermediate agent format 93
- Pppoe intermediate agent remote id 93
- Pppoe intermediate agent trust 93
- Pppoe intermediate agent type self defined circuit id 94
- Pppoe intermediate agent type self defined remoteid 94
- Delimiter 95
- Pppoe intermediate agent type tr 101 circuit id access node id 95
- Pppoe intermediate agent type tr 101 circuit id identifier string option 95
- Pppoe intermediate agent vendor tag strip 96
- Show pppoe intermediate agent access node id 97
- Show pppoe intermediate agent identifier string option delimiter 97
- Show pppoe intermediate agent info 97
- Chapter 11 commands for savi 99
- Commands for savi 99
- Commands for monitor and debug 105
- Chapter 12 commands for web portal configuration 109
- Clear webportal binding 109
- Debug webportal binding 109
- Debug webportal error 109
- Debug webportal event 110
- Debug webportal packet 110
- Ip dhcp snooping binding webportal 111
- Show webportal 111
- Show webportal binding 112
- Webportal binding limit 112
- Webportal enable 113
- Webportal enable port 113
- Webportal nas ip 113
- Webportal redirect 114
Похожие устройства
- Qtech QSW-8200-52T-AC Команды интерфейса уровня 3
- Qtech QSW-8200-52T-AC Команды надёжности
- Qtech QSW-8200-52T-AC Команды настройки vlan
- Qtech QSW-8200-52T-AC Команды отладки и диагностики
- Qtech QSW-8200-52T-AC Команды управления сетевым временем
- Qtech QSW-8200-52T-AC Руководство пользователя
- Qtech QSW-8200-52T-AC-DC Команды для dhcp-сервера
- Qtech QSW-8200-52T-AC-DC Команды для mstp
- Qtech QSW-8200-52T-AC-DC Команды для poe
- Qtech QSW-8200-52T-AC-DC Команды для qos
- Qtech QSW-8200-52T-AC-DC Команды для базовой конфигурации
- Qtech QSW-8200-52T-AC-DC Команды для настройки портов
- Qtech QSW-8200-52T-AC-DC Команды для потокового монитора
- Qtech QSW-8200-52T-AC-DC Команды для протокола маршрутизаций
- Qtech QSW-8200-52T-AC-DC Команды для протокола многоадресной рассылки
- Qtech QSW-8200-52T-AC-DC Команды для функции безопасности
- Qtech QSW-8200-52T-AC-DC Команды интерфейса уровня 3
- Qtech QSW-8200-52T-AC-DC Команды надёжности
- Qtech QSW-8200-52T-AC-DC Команды настройки vlan
- Qtech QSW-8200-52T-AC-DC Команды отладки и диагностики
Скачать
Случайные обсуждения