Home » Dell Manuals » Hubs & Switches » Dell PowerConnect 5448 » Manual Viewer

Dell PowerConnect 5448 User's Guide - Page 262

IP Based ACLs, Configuring IP Based ACLs with CLI Commands

View all Dell PowerConnect 5448 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 262 highlights

Configuring IP Based ACLs with CLI Commands The following table summarizes the equivalent CLI commands for configuring IP Based ACLs. Table 7-5. IP Based ACL CLI Commands CLI Command Description ip access-list access-list-name no ip access-list access-list-name To define an IPv4 access list and to place the device in IPv4 access list configuration mode, use the ipv4 access-list command in global configuration mode. To remove the access list, use the no form of this command. permit {any| protocol} {any|{source source-wildcard}} To set conditions to allow a packet to pass {any|{destination destination-wildcard}} [dscp number | a named IP access list, use the permit ip-precedence number] [fragments] command in access list configuration permit-icmp {any|{source source-wildcard}} {any|{destination mode. destination-wildcard}} {any|icmp-type} {any|icmp-code} [dscp number | ip-precedence number] permit-igmp {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|igmp-type} [dscp number | ip-precedence number] permit-tcp {any|{ source source-wildcard}} {any|source-port} {any|{ destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of-flags] permit-udp {any|{ source source-wildcard}} {any| source-port} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] deny [disable-port] {any| protocol} {any|{source source-wildcard}} {any|{destination destination-wildcard}} [dscp number | ipprecedence number] [fragments] deny-icmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|icmp-type} {any|icmpcode} [dscp number | ip-precedence number] To set conditions to allow a packet to pass a named IP access list, use the deny command in access list configuration mode. deny-igmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|igmp-type} [dscp number | ip-precedence number] deny-tcp [disable-port] {any|{ source source-wildcard}} {any|sourceport} {any|{ destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of-flags] deny-udp [disable-port] {any|{ source source-wildcard}} {any| sourceport} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] 262 Configuring Device Information

Section	Page
User Guide	1
Introduction	13
PowerConnect 54xx Series Systems	13
Features	14
General Features	14
MAC Address Supported Features	15
Layer 2 Features	16
VLAN Supported Features	17
Spanning Tree Protocol Features	18
Link Aggregation	18
Layer 3 Features	19
Quality of Service Features	19
Device Management Features	20
Security Features	21
Locked Port Support	22
Additional CLI Documentation	23
Hardware Description	25
Device Port Configurations	25
PowerConnect 54xx Series Systems Front Panel Port Description	25
PowerConnect Back Panel Port Description	26
Device Ports	26
Physical Dimensions	27
LED Definitions	27
Port LEDs	27
System LEDs	28
Hardware Components	29
Power Supplies	29
Reset Button	30
Ventilation System	30
Installing the PowerConnect Device	31
Installation Precautions	31
Site Requirements	32
Unpacking	32
Package Contents	32
Unpacking the Device	32
Mounting the Device	33
Overview	33
Mounting the System	33
Installing the Device without a Rack	34
Connecting the Device	34
Connecting a Device to a Terminal	34
Connecting a Device to a Power Supply	36
Port Connections, Cables, and Pinout Information	36
RJ-45 Connections for 10/100/1000BaseT Ports	36
Port Default Settings	37
Auto-Negotiation	37
MDI/MDIX	38
Flow Control	38
Back Pressure	38
Switching Port Default Settings	38
Starting and Configuring the Device	39
Configure the Terminal	40
Booting the Device	40
Initial Configuration	43
Advanced Configuration	47
Retrieving an IP Address From a DHCP Server	47
Receiving an IP Address From a BOOTP Server	49
Security Management and Password Configuration	49
Configuring Security Passwords	50
Configuring an Initial Terminal Password	50
Configuring an Initial Telnet Password	50
Configuring an Initial SSH Password	51
Configuring an Initial HTTP Password	51
Configuring an Initial HTTPS Password	51
Configuring Login Banners	52
Startup Procedures	52
Startup Menu Procedures	52
Software Download	54
Erase FLASH File	54
Erasing the Device Configuration	54
Password Recovery	54
Software Download Through TFTP Server	55
Using Dell OpenManage Switch Administrator	59
Understanding the Interface	59
Device Representation	60
Using the Switch Administrator Buttons	61
Information Buttons	61
Device Management Buttons	61
Starting the Application	62
Accessing the Device Through the CLI	62
Console Connection	62
Telnet Connection	62
Using the CLI	63
Command Mode Overview	63
User EXEC Mode	63
Privileged EXEC Mode	64
Global Configuration Mode	64
Interface Configuration Mode	65
CLI Examples	66
Configuring System Information	67
Defining General Device Information	67
Viewing Device Information	67
Defining System Time Settings	71
Viewing System Health Information	77
Viewing the Versions Page	79
Resetting the Device	80
Configuring SNTP Settings	81
Defining SNTP Global Parameters	82
Defining SNTP Authentication Methods	84
Defining SNTP Servers	86
Defining SNTP Interfaces	91
Managing Logs	93
Defining Global Log Parameters	93
Displaying RAM Log Table	97
Displaying the Log File Table	99
Viewing the Device Login History	101
Configuring the Remote Log Server Settings Page	102
Defining Device IP Addresses	107
Configuring the Internet Protocol Version 6 (IPv6)	107
Defining IPv4 Default Gateways	108
Defining IPv4 Interfaces	109
Defining DHCP IPv4 Interface Parameters	113
Defining IPv6 Interfaces	115
Defining IPv6 Default Gateway	120
Defining IPv6 ISATAP Tunnels	123
Defining IPv6 Neighbors	125
Viewing the IPv6 Routes Table	129
Configuring Domain Name Systems	132
Defining Default Domains	135
Mapping Domain Host	136
Configuring ARP	139
Running Cable Diagnostics	142
Viewing Copper Cable Diagnostics	142
Viewing Optical Transceiver Diagnostics	145
Managing Device Security	147
Defining Access Profiles	147
Adding an Access Profile	149
Defining Authentication Profiles	154
Assigning Authentication Profiles	157
Managing Passwords	161
Viewing Active Users	164
Defining the Local User Databases	165
Defining Line Passwords	168
Defining Enable Passwords	170
Defining TACACS+ Settings	171
Configuring RADIUS Global Parameters	176
Configuring LLDP and LLDP-MED	181
Defining LLDP Properties	182
Configuring LLDP Using CLI Commands	183
Defining LLDP Port Settings	183
Defining LLDP MED Network Policy	186
Defining LLDP MED Port Settings	188
Viewing the LLDP Neighbors Information	192
Defining SNMP Parameters	194
Defining SNMP Global Parameters	194
Defining SNMP View Settings	197
Adding a View	199
Defining SNMP Views Using CLI Commands	200
Defining SNMP Access Control	200
Defining SNMP Groups	202
Displaying the Access Table	202
Removing SNMP Groups	203
Defining SNMP Access Control Using CLI Commands	203
Assigning SNMP User Security	203
Adding Users to a Group	205
Displaying the User Security Model Table	206
Deleting an User Security Model Table Entry	206
Defining Communities	207
Defining Notification Filters	212
Defining SNMP Notification Recipients	214
Managing Files	220
File Management Overview	220
Downloading Files	221
Uploading Files	224
Copying Files	227
Managing Device Files	229
Defining Advanced Settings	230
Configuring General Device Tuning Parameters	231
Optimizing iSCSI	232
Configuring iSCSI Global Parameters	232
Defining iSCSI Global Parameters Using CLI Commands	234
Managing iSCSI Targets	236
Defining iSCSI Targets Using CLI Commands	237
Monitoring iSCSI Sessions	238
Defining iSCSI Sessions Using CLI Commands	239
Configuring Device Information	241
Configuring Network Security	241
Configuring Advanced Port Based Authentication	248
Authenticating Users	251
Configuring Port Security	252
ACL Overview	256
Defining MAC Based Access Control Lists	263
Defining ACL Binding	267
Configuring DHCP Snooping	269
Defining DHCP Snooping on VLANs	272
Defining Trusted Interfaces	273
Adding Interfaces to the DHCP Snooping Database	275
Configuring Ports	278
Defining Port Parameters	278
Configuring Load Balancing	284
Enabling Storm Control	289
Defining Port Mirroring Sessions	292
Configuring Address Tables	295
Viewing Dynamic Addresses	298
Configuring GARP	301
Configuring the Spanning Tree Protocol	303
Defining STP Port Settings	308
Defining STP LAG Settings	312
Configuring Rapid Spanning Tree	314
Configuring Multiple Spanning Tree	317
Defining MSTP Interface Settings	321
Configuring VLANs	323
Defining VLAN Ports Settings	331
Defining VLAN LAG Settings	334
Defining VLAN Protocol Groups	337
Adding Protocol Ports	339
Configuring GVRP	340
Configuring Voice VLANs	343
Defining Voice VLAN Port Settings	347
Defining OUIs	349
Aggregating Ports	351
Defining LAG Membership	354
Multicast Forwarding Support	355
Adding Bridge Multicast Address Members	358
Assigning Multicast Forward All Parameters	362
IGMP Snooping	366
Unregistered Multicast	371
Viewing Statistics	375
Viewing Tables	375
Viewing Utilization Summary	375
Viewing Counter Summary	376
Viewing Interface Statistics	377
Viewing Etherlike Statistics	380
Viewing GVRP Statistics	383
Viewing EAP Statistics	387
Viewing RMON Statistics	389
Viewing RMON Statistics Group	389
Viewing RMON History Control Statistics	392
Viewing the RMON History Table	394
Defining Device RMON Events	396
Viewing the RMON Events Log	399
Defining RMON Device Alarms	401
Viewing Charts	404
Viewing Port Statistics	404
Viewing LAG Statistics	406
Viewing the CPU Utilization	409
Viewing CPU Utilization Using CLI Commands	410
Configuring Quality of Service	411
Defining CoS Global Parameters	413
Defining QoS Interface Settings	414
Defining Bandwidth Settings	416
Defining Queue Settings	419
Mapping CoS Values to Queues	422
Mapping DSCP Values to Queues	423
Device Specifications	427
Port and Cable Specifications	427
Port Specifications	427
Operating Conditions	428
Physical Device Specifications	428
Device Memory Specifications	428
Feature Specifications	429
VLAN	429
Quality of Service	429
Layer 2 Multicast	429
Device Security	429
Additional Switching Features	430
Device Management	430

Match case Limit results 1 per page

262

Configuring Device Information

Configuring IP Based ACLs with CLI Commands

The following table summarizes the equivalent CLI commands for configuring

IP Based ACLs

Table 7-5.

IP Based ACL CLI Commands

CLI Command

Description

ip access-list

access-list-name

no ip access-list

access-list-name

To define an IPv4 access list and to place

the device in IPv4 access list configuration

mode, use the ipv4 access-list command

in global configuration mode. To remove

the access list, use the no form of this

command.

permit

{any|

protocol

} {any|{

source

source-wildcard

}}

{any|{

destination

destination-wildcard

}} [dscp

number

ip-precedence

number

] [fragments]

permit-icmp {any|{

source source-wildcard

}} {any|{

destination

destination-wildcard

}} {any|

icmp-type

} {any|

icmp-code

} [dscp

number

| ip-precedence

number

]

permit-igmp {any|{

source source-wildcard

}} {any|{

destination

destination-wildcard

}} {any|

igmp-type

} [dscp

number

| ip-precedence

number

]

permit-tcp {any|{

source source-wildcard

}} {any|

source-port

} {any|{

destination destination-wildcard

}} {any|

destination-port

} [dscp

number

| ip-precedence

number

]

[flags

list-of-flags

]

permit-udp {any|{

source source-wildcard

}} {any|

source-port

}

{any|{

destination destination-wildcard

}} {any|

destination-port

} [dscp

number

| ip-precedence

number

]

To set conditions to allow a packet to pass

a named IP access list, use the permit

command in access list configuration

mode.

deny [disable-port] {any|

protocol

} {any|{

source source-wildcard

}}

{any|{

destination destination-wildcard

}} [dscp

number

| ip-

precedence

number

] [fragments]

deny-icmp [disable-port] {any|{

source source-wildcard

}}

{any|{

destination destination-wildcard

}} {any|

icmp-type

} {any|

icmp-

code

} [dscp

number

| ip-precedence

number

]

deny-igmp

[disable-port] {any|{

source source-wildcard

}}

{any|{

destination destination-wildcard

}} {any|

igmp-type

} [dscp

number

| ip-precedence

number

]

deny-tcp [disable-port] {any|{

source source-wildcard

}} {any|

source-

port

} {any|{

destination destination-wildcard

}} {any|

destination-port

}

[dscp

number

| ip-precedence

number

]

[flags

list-of-flags

]

deny-udp [disable-port] {any|{

source source-wildcard

}} {any|

source-

port

} {any|{

destination destination-wildcard

}} {any|

destination-port

}

[dscp

number

| ip-precedence

number

]

To set conditions to allow a packet to pass

a named IP access list, use the deny

command in access list

configuration mode.