![Qtech QSW-8200-52T-AC [20/114] Ip ipv6 mac mac ip access group interface mode](/img/pdf.png)
Qtech QSW-8200-52T-AC [20/114] Ip ipv6 mac mac ip access group interface mode
![Qtech QSW-8200-52T-AC [20/114] Ip ipv6 mac mac ip access group interface mode](/views2/1596645/page20/bg14.png)
User Manual
Chapter 1. Commands for ACL 20
www.qtech.ru
ACL. Ingress direction of the port can bind four kinds of ACL at the same time, there are
four resources on egress direction of the port, IP ACL and MAC ACL engage one
resource severally, MAC-IP ACL and IPv6 ACL engage two resources severally, so egress
direction of the port can not bind four kinds of ACL at the same time. When binding
three kinds of ACL at the same time, it should be the types of IP, MAC, MAC-IP or IP,
MAC, IPv6. When binding two kinds of ACL at the same time, any combination of ACL
type is valid. Each type can only apply one on the port.
At present, notice the following contents when binding Egress ACL to port.
IP ACL that match tcp/udp range can not be bound
MAC-IP ACL that match tcp/udp range can not be bound
IP ACL that match flowlabel can not be bound
There are four kinds of packet head field based on concerned: MAC ACL, IP ACL, MAC-IP
ACL and IPv6 ACL; to some extent, ACL filter behavior (permit, deny) has a conflict when
a data packet matches multi types of four ACLs. The strict priorities are specified for
each ACL based on outcome veracity. It can determine final behavior of packet filter
through priority when the filter behavior has a conflict.
When binding ACL to port, there are some limits as below:
Each port can bind a MAC-IP ACL, a IP ACL, a MAC ACL and a IPv6 ACL;
When binding four ACLs and data packet matching the multi ACLs simultaneity, the
priority from high to low are shown as below,
o Ingress IPv6 ACL
o Ingress MAC-IP ACL
o Ingress MAC ACL
o Ingress IP ACL
Example: Binding AAA access-list to entry direction of port.
Switch(Config-If-Ethernet1/0/5)#ip access-group aaa in
1.18 {ip|ipv6|mac|mac-ip} access-group (Interface Mode)
This command is not supported by switch.
1.19 mac access extended
Command: mac-access-list extended <name>
no mac-access-list extended <name>
Functions: Define a name-manner MAC ACL or enter access-list configuration mode,
“no mac-access-list extended <name>” command deletes this ACL.
Parameters: <name> name of access-list excluding blank or quotation mark, and it
must start with letter, and the length cannot exceed 32. (remark: sensitivity on capital
or small letter.)
Command Mode: Global mode
Содержание
- Content 2
- Chapter 11 commands for savi 99 7
- Commands for monitor and debug 105 7
- Commands for savi 99 7
- Pppoe intermediate agent trust 93 7
- Pppoe intermediate agent type self defined circuit id 94 7
- Pppoe intermediate agent type self defined remoteid 94 7
- Pppoe intermediate agent type tr 101 circuit id access node id 95 7
- Pppoe intermediate agent type tr 101 circuit id identifier string option delimiter 95 7
- Pppoe intermediate agent vendor tag strip 96 7
- Show pppoe intermediate agent access node id 97 7
- Show pppoe intermediate agent identifier string option delimiter 97 7
- Show pppoe intermediate agent info 97 7
- Absolute periodic periodic 9
- Chapter 1 commands for acl 9
- Absolute start 10
- Access list deny preemption 10
- Access list ip extended 10
- Access list ip standard 12
- Access list mac extended 12
- Access list mac ip extended 13
- Access list mac standard 15
- Clear access group in out statistic interface 16
- Firewall 16
- Firewall default 16
- Ip access extended 16
- Ip access standard 17
- Ipv6 access list 17
- Ipv6 access standard 18
- Ip ipv6 mac mac ip access group 19
- Ipv6 access extended 19
- Ip ipv6 mac mac ip access group interface mode 20
- Mac access extended 20
- Mac ip access extended 21
- Permit deny ip extended 21
- Permit deny ip standard 22
- Permit deny ipv6 extended 23
- Permit deny ipv6 standard 24
- Permit deny mac extended 24
- Permit deny mac ip extended 26
- Show access lists 28
- Show access group 29
- Show firewall 30
- Show ipv6 access lists 30
- Show time range 31
- Time range 31
- Chapter 2 commands for 802 x 33
- Debug dot1x detail 33
- Debug dot1x error 33
- Debug dot1x fsm 34
- Debug dot1x packet 34
- Dot1x accept mac 35
- Dot1x eapor enable 35
- Dot1x enable 36
- Dot1x guest vlan 36
- Dot1x ipv6 passthrough 36
- Dot1x macbased guest vlan 37
- Dot1x macfilter enable 37
- Dot1x macbased port down flush 38
- Dot1x max req 38
- Dot1x user allow movement 39
- Dot1x user free resource 39
- Dot1x max user macbased 40
- Dot1x max user userbased 40
- Dot1x port control 41
- Dot1x portbased mode single mode 41
- Dot1x port method 42
- Dot1x privateclient enable 42
- Dot1x privateclient protect enable 43
- Dot1x re authenticate 43
- Dot1x re authentication 43
- Dot1x timeout quiet period 44
- Dot1x timeout re authperiod 44
- Dot1x timeout tx period 45
- Dot1x unicast enable 45
- Dot1x web authentication enable 45
- Dot1x web authentication ipv6 passthrough 45
- Dot1x web redirect 46
- Dot1x web redirect enable 46
- Show dot1x 46
- User control limit ipv4 48
- User control limit ipv6 48
- Chapter 3 commands for the number limitation 50
- Debug ip arp count 50
- Debug ipv6 nd count 50
- Function of mac and ip in port vlan 50
- Debug switchport arp count 51
- Debug switchport mac count 51
- Debug switchport nd count 52
- Debug vlan mac count 52
- Ip arp dynamic maximum 53
- Ipv6 nd dynamic maximum 53
- Mac address query timeout 54
- Show arp dynamic count 54
- Show mac address dynamic count 55
- Show nd dynamic count 55
- Switchport arp dynamic maximum 56
- Switchport mac address dynamic maximum 56
- Switchport mac address violation 57
- Switchport nd dynamic maximum 58
- Vlan mac address dynamic maximum 58
- Am enable 60
- Am ip pool 60
- Am port 60
- Chapter 4 commands for am configuration 60
- Am mac ip pool 61
- No am all 61
- Show am 61
- Aaa accounting enable 63
- Aaa accounting update 63
- Aaa enable 63
- Chapter 5 commands for radius 63
- Debug aaa detail attribute 64
- Debug aaa packet 64
- Debug aaa detail connection 65
- Debug aaa detail event 65
- Debug aaa error 65
- Radius nas ipv4 66
- Radius nas ipv6 66
- Radius server accounting host 67
- Radius server authentication host 68
- Radius server dead time 69
- Radius server key 69
- Radius server retransmit 69
- Radius server accounting interim update timeout 70
- Radius server timeout 70
- Show aaa authenticated user 71
- Show aaa authenticating user 72
- Show aaa config 72
- Show radius authenticated user count 73
- Show radius authenticating user count 73
- Show radius count 74
- Chapter 6 commands for ssl configuration 75
- Ip http secure ciphersuite 75
- Ip http secure port 75
- Ip http secure server 75
- Debug ssl 76
- Show ip http secure server status 76
- Chapter 7 commands for ipv6 security ra 77
- Ipv6 security ra enable 77
- Show ipv6 security ra 77
- Debug ipv6 security ra 78
- Chapter 8 commands for vlan acl 79
- Clear vacl statistic vlan 79
- Show vacl vlan 79
- Vacl ip access group 81
- Vacl ipv6 access group 81
- Vacl mac access group 82
- Vacl mac ip access group 82
- Authentication mab 83
- Chapter 9 commands for mab 83
- Clear mac authentication bypass binding 83
- Debug mac authentication bypass 84
- Mac authentication bypass binding limit 84
- Mac authentication bypass enable 84
- Mac authentication bypass guest vlan 85
- Mac authentication bypass spoofing garp check 85
- Mac authentication bypass timeout linkup period 85
- Mac authentication bypass timeout offline detect 86
- Mac authentication bypass timeout quiet period 86
- Mac authentication bypass timeout reauth period 87
- Mac authentication bypass timeout stale period 87
- Mac authentication bypass username format 87
- Show mac authentication bypass 88
- Chapter 10 commands for pppoe intermediate agent 91
- Debug pppoe intermediate agent packet receive send interface 91
- Pppoe intermediate agent 91
- Pppoe intermediate agent circuit id 92
- Pppoe intermediate agent delimiter 92
- Pppoe intermediate agent port 92
- Pppoe intermediate agent format 93
- Pppoe intermediate agent remote id 93
- Pppoe intermediate agent trust 93
- Pppoe intermediate agent type self defined circuit id 94
- Pppoe intermediate agent type self defined remoteid 94
- Delimiter 95
- Pppoe intermediate agent type tr 101 circuit id access node id 95
- Pppoe intermediate agent type tr 101 circuit id identifier string option 95
- Pppoe intermediate agent vendor tag strip 96
- Show pppoe intermediate agent access node id 97
- Show pppoe intermediate agent identifier string option delimiter 97
- Show pppoe intermediate agent info 97
- Chapter 11 commands for savi 99
- Commands for savi 99
- Commands for monitor and debug 105
- Chapter 12 commands for web portal configuration 109
- Clear webportal binding 109
- Debug webportal binding 109
- Debug webportal error 109
- Debug webportal event 110
- Debug webportal packet 110
- Ip dhcp snooping binding webportal 111
- Show webportal 111
- Show webportal binding 112
- Webportal binding limit 112
- Webportal enable 113
- Webportal enable port 113
- Webportal nas ip 113
- Webportal redirect 114
Похожие устройства
- Qtech QSW-8200-52T-AC Команды интерфейса уровня 3
- Qtech QSW-8200-52T-AC Команды надёжности
- Qtech QSW-8200-52T-AC Команды настройки vlan
- Qtech QSW-8200-52T-AC Команды отладки и диагностики
- Qtech QSW-8200-52T-AC Команды управления сетевым временем
- Qtech QSW-8200-52T-AC Руководство пользователя
- Qtech QSW-8200-52T-AC-DC Команды для dhcp-сервера
- Qtech QSW-8200-52T-AC-DC Команды для mstp
- Qtech QSW-8200-52T-AC-DC Команды для poe
- Qtech QSW-8200-52T-AC-DC Команды для qos
- Qtech QSW-8200-52T-AC-DC Команды для базовой конфигурации
- Qtech QSW-8200-52T-AC-DC Команды для настройки портов
- Qtech QSW-8200-52T-AC-DC Команды для потокового монитора
- Qtech QSW-8200-52T-AC-DC Команды для протокола маршрутизаций
- Qtech QSW-8200-52T-AC-DC Команды для протокола многоадресной рассылки
- Qtech QSW-8200-52T-AC-DC Команды для функции безопасности
- Qtech QSW-8200-52T-AC-DC Команды интерфейса уровня 3
- Qtech QSW-8200-52T-AC-DC Команды надёжности
- Qtech QSW-8200-52T-AC-DC Команды настройки vlan
- Qtech QSW-8200-52T-AC-DC Команды отладки и диагностики
Скачать
Случайные обсуждения