Home » Netgear Manuals » Hubs & Switches » Netgear GSM7224v1 » Manual Viewer

Netgear GSM7224v1 GSM7212 Command line reference manual - Page 246

access-list

Add to My Manuals
Save this manual to your list of manuals

Page 246 highlights

Command Line Interface Reference for the ProSafe 7200 Series Layer-2 Switches, Software Ver- • Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit positions that are used for the network address, and has zeros (0's) for the bit positions that are not used. In contrast, a wildcard mask has (0's) in a bit position that must be checked. A '1' in a bit position of the ACL mask indicates the corresponding bit can be ignored. 14.8.1 access-list This command creates an IP Access Control List (ACL) that is identified by the ACL number. The IP ACL number is an integer from 1 to 99 for an IP standard ACL and from 100 to 199 for an IP extended ACL. The IP ACL rule is specified with either a permit or deny action. The protocol to filter for an IP ACL rule is specified by giving the protocol to be used like icmp,igmp,ip,tcp,udp. The command specifies a source IP address and source mask for match condition of the IP ACL rule specified by the srcip and srcmask parameters. The source layer 4 port match condition for the IP ACL rule is specified by the port value parameter. The range of values is from 0 to 65535. The parameter uses a single keyword notation and currently has the values of domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www. Each of these values translates into its equivalent port number, which is used as both the start and end of a port range. The command specifies a destination IP address and destination mask for match condition of the IP ACL rule specified by the dstip and dstmask parameters. The command specifies the TOS for an IP ACL rule depending on a match of precedence or DSCP values using the parameters dscp, precedence, tos/tosmask. The command specifies the assign-queue which is the queue identifier to which packets matching this rule are assigned. Default none IP Standard ACL: Format Mode access-list {deny | permit} {every | } [assign-queue ] Global Config 14-36 Quality of Service (QoS) Commands v1.0, February 2007

Section	Page
Command Line Interface Reference for the ProSafe 7200 Series Layer-2 Switches, Software Version 6.0	1
Contents	5
Chapter 1 About This Manual	21
1.1 Audience	21
1.2 Scope	21
1.3 Typographical Conventions	22
1.4 Special Message Formats	22
1.5 How to Use This Manual	23
1.6 How to Print this Manual	23
1.7 Revision History	24
Chapter 2 Overview	25
2.1 Scope	25
2.2 Product Concept	25
2.3 Using the Command-Line Interface	26
2.3.1 Command Syntax	26
2.3.2 Command Conventions	27
2.3.3 Unit-Slot-Port Naming Convention	29
2.3.4 Using the “No” Form of a Command	30
2.3.5 Command Modes	30
2.3.6 Entering CLI Commands	33
2.3.7 Using CLI Help	34
2.3.8 Accessing the CLI	35
Chapter 3 Administrative Access Commands	37
3.1 Network Interface Commands	37
3.1.1 enable	37
3.1.2 network parms (parameter)	38
3.1.3 network mgmt_vlan	38
3.1.4 network protocol	38
3.1.5 show network	39
3.2 Configuring the Switch Management CPU (ezconfig)	41
3.3 Console Port Access Commands	43
3.3.1 configuration	43
3.3.2 lineconfig	43
3.3.3 serial baudrate	44
3.3.4 serial timeout	44
3.3.5 show serial	45
3.4 Telnet Commands	46
3.4.1 telnet	46
3.4.2 transport input telnet	46
3.4.3 transport output telnet	47
3.4.4 session-limit	47
3.4.5 session-timeout	48
3.4.6 telnetcon maxsessions	48
3.4.7 telnetcon timeout	49
3.4.8 show telnet	49
3.4.9 show telnetcon	50
3.5 Secure Shell (SSH) Command	51
3.5.1 ip ssh	51
3.5.2 ip ssh protocol	51
3.5.3 sshcon maxsessions	52
3.5.4 sshcon timeout	52
3.5.5 show ip ssh	53
3.6 Hypertext Transfer Protocol (HTTP) Commands	53
3.6.1 ip http secure-port	53
3.6.2 ip http secure-protocol	54
3.6.3 ip http secure-server	54
3.6.4 ip http server	54
3.6.5 network javamode	55
3.6.6 show ip http	55
3.7 User Account Commands	56
3.7.1 users name	56
3.7.2 users passwd	57
3.7.3 users snmpv3 accessmode	57
3.7.4 users snmpv3 authentication	58
3.7.5 users snmpv3 encryption	58
3.7.6 show loginsession	59
3.7.7 show users	59
3.7.8 disconnect	60
Chapter 4 Port and System Setup Commands	61
4.1 Port Configuration Commands	61
4.1.1 interface	61
4.1.2 interface range	62
4.1.3 interface vlan	62
4.1.4 interface lag	62
4.1.5 cablestatus	62
4.1.6 auto-negotiate	63
4.1.7 auto-negotiate all	63
4.1.8 mtu	64
4.1.9 shutdown	64
4.1.10 shutdown all	65
4.1.11 speed	65
4.1.12 speed all	66
4.1.13 monitor session	66
4.1.14 no monitor	67
4.1.15 show monitor session	67
4.1.16 show port	67
4.1.17 show port protocol	68
4.1.18 show port status	69
4.2 Pre-login Banner and System Prompt Commands	69
4.2.1 copy	69
4.2.2 set prompt	69
4.3 Simple Network Time Protocol (SNTP) Commands	71
4.3.1 sntp broadcast client poll-interval	71
4.3.2 sntp client mode	71
4.3.3 sntp client port	72
4.3.4 sntp unicast client poll-interval	72
4.3.5 sntp unicast client poll-timeout	72
4.3.6 sntp unicast client poll-retry	73
4.3.7 sntp multicast client poll-interval	73
4.3.8 sntp server	74
4.3.9 show sntp	74
4.3.10 show sntp client	74
4.3.11 show sntp server	75
4.3.12 clock timezone	76
4.4 MAC Address and MAC Database Commands	76
4.4.1 network mac-address	77
4.4.2 network mac-type	77
4.4.3 macfilter	78
4.4.4 macfilter adddest	78
4.4.5 macfilter adddest all	79
4.4.6 macfilter addsrc	79
4.4.7 macfilter addsrc all	80
4.4.8 bridge aging-time	81
4.4.9 show forwardingdb agetime	82
4.4.10 show mac-address-table multicast	82
4.4.11 show mac-address-table static	83
4.4.12 show mac-address-table staticfiltering	84
4.4.13 show mac-address-table stats	84
4.5 DNS Client Commands	85
4.5.1 ip domain-lookup	86
4.5.2 ip domain-name	86
4.5.3 ip name-server	86
4.5.4 ip host	87
4.5.5 clear host	87
4.5.6 show hosts	87
Chapter 5 Spanning Tree Protocol Commands	89
5.1 STP Configuration Commands	89
5.1.1 spanning-tree	89
5.1.2 spanning-tree bpdumigrationcheck	90
5.1.3 spanning-tree configuration name	90
5.1.4 spanning-tree configuration revision	91
5.1.5 spanning-tree edgeport	91
5.1.6 spanning-tree edgeport all	91
5.1.7 spanning-tree forceversion	92
5.1.8 spanning-tree forward-time	92
5.1.9 spanning-tree hello-time	93
5.1.10 spanning-tree max-age	93
5.1.11 spanning-tree max-hops	94
5.1.12 spanning-tree mst	94
5.1.13 spanning-tree mst instance	95
5.1.14 spanning-tree mst priority	96
5.1.15 spanning-tree mst vlan	97
5.1.16 spanning-tree port mode	97
5.1.17 spanning-tree port mode all	97
5.1.18 spanning-tree bpduforwarding	98
5.2 STP Show Commands	98
5.2.1 show spanning-tree	98
5.2.2 show spanning-tree summary	100
5.2.3 show spanning-tree interface	101
5.2.4 show spanning-tree mst port detailed	102
5.2.5 show spanning-tree mst port summary	104
5.2.6 show spanning-tree mst summary	104
5.2.7 show spanning-tree vlan	105
Chapter 6 VLAN Commands	107
6.1 VLAN Configuration Commands	107
6.1.1 vlan database	107
6.1.2 network mgmt_vlan	108
6.1.3 vlan	108
6.1.4 vlan acceptframe	108
6.1.5 vlan ingressfilter	109
6.1.6 vlan makestatic	109
6.1.7 vlan name	110
6.1.8 vlan participation	110
6.1.9 vlan participation all	111
6.1.10 vlan port acceptframe all	111
6.1.11 vlan port pvid all	112
6.1.12 vlan port tagging all	112
6.1.13 vlan port ingressfilter all	113
6.1.14 Global Config	113
6.1.15 vlan protocol group	113
6.1.16 vlan protocol group add protocol	113
6.1.17 vlan protocol group remove	114
6.1.18 protocol group	114
6.1.19 protocol vlan group	115
6.1.20 protocol vlan group all	115
6.1.21 vlan pvid	116
6.1.22 vlan tagging	116
6.2 VLAN Show Commands	117
6.2.1 show vlan	117
6.2.2 show vlan <vlan_id>	117
6.2.3 show vlan port	119
6.3 Provisioning (IEEE 802.1p) Commands	120
6.3.1 vlan port priority all	120
6.3.2 vlan priority	120
Chapter 7 DHCP Commands	121
7.1 DHCP Server Commands (DHCP Config Pool Mode)	122
7.1.1 ip dhcp pool	122
7.1.2 client-identifier	122
7.1.3 client-name	123
7.1.4 default-router	123
7.1.5 dns-server	124
7.1.6 hardware-address	124
7.1.7 host	124
7.1.8 lease	125
7.1.9 network	126
7.1.10 bootfile	126
7.1.11 domain-name	126
7.1.12 netbios-name-server	127
7.1.13 netbios-node-type	127
7.1.14 next-server	128
7.1.15 option	128
7.2 DHCP Server Commands (Global Config Mode)	129
7.2.1 ip dhcp excluded-address	129
7.2.2 ip dhcp ping packets	130
7.2.3 service dhcp	130
7.2.4 ip dhcp bootp automatic	131
7.2.5 ip dhcp conflict logging	131
7.3 DHCP Server Clear and Show Commands	132
7.3.1 clear ip dhcp binding	132
7.3.2 clear ip dhcp server statistics	132
7.3.3 clear ip dhcp conflict	132
7.3.4 show ip dhcp binding	132
7.3.5 show ip dhcp global configuration	133
7.3.6 show ip dhcp pool configuration	133
7.3.7 show ip dhcp server statistics	134
7.3.8 show ip dhcp conflict	135
7.4 DHCP and BOOTP Relay Commands	135
7.4.1 ip dhcp relay information option	135
7.4.2 bootpdhcprelay	136
7.4.3 bootpdhcprelay maxhopcount	136
7.4.4 bootpdhcprelay minwaittime	137
7.4.5 bootpdhcprelay serverip	137
7.4.6 show bootpdhcprelay	138
Chapter 8 GARP, GVRP, and GMRP Commands	139
8.1 GARP Commands	140
8.1.1 set garp timer join	140
8.1.2 set garp timer leave	141
8.1.3 set garp timer leaveall	142
8.1.4 show garp	142
8.2 GVRP Commands	143
8.2.1 set gvrp adminmode	143
8.2.2 set gvrp interfacemode	143
8.2.3 show gvrp configuration	144
8.3 GMRP Commands	145
8.3.1 set gmrp adminmode	145
8.3.2 set gmrp interfacemode	146
8.3.3 show gmrp configuration	146
8.3.4 show mac-address-table gmrp	148
Chapter 9 Port-Based Traffic Control Commands	149
9.1 Port Security Commands	149
9.1.1 port-security	150
9.1.2 port-security max-dynamic	150
9.1.3 port-security max-static	151
9.1.4 port-security mac-address	151
9.1.5 port-security mac-address move	151
9.1.6 show port-security	152
9.1.7 show port-security	152
9.1.8 show port-security dynamic	152
9.1.9 show port-security static	152
9.1.10 show port-security violation	153
9.2 Storm Control Commands	153
9.2.1 storm-control broadcast	153
9.2.2 storm-control multicast all	154
9.2.3 storm-control unicast all	154
9.2.4 storm-control broadcast	155
9.2.5 storm-control multicast	155
9.2.6 storm-control unicast	156
9.2.7 storm-control flowcontrol	156
9.2.8 show storm-control	157
Chapter 10 SNMP Commands	159
10.1 SNMP Configuration Commands	159
10.1.1 snmp-server	159
10.1.2 snmp-server community	160
10.1.3 snmp-server community ipaddr	160
10.1.4 snmp-server community ipmask	161
10.1.5 snmp-server community mode	161
10.1.6 snmp-server community ro	162
10.1.7 snmp-server community rw	162
10.1.8 snmp-server traps violation	162
10.1.9 snmp-server traps	163
10.1.10 snmp-server traps bcaststorm	163
10.1.11 snmp-server traps linkmode	164
10.1.12 snmp-server traps multiusers	164
10.1.13 snmp-server traps stpmode	164
10.1.14 snmptrap	165
10.1.15 snmptrap snmpversion	166
10.1.16 snmptrap ipaddr	166
10.1.17 snmptrap mode	166
10.1.18 snmp trap link-status	167
10.1.19 snmp trap link-status all	167
10.2 SNMP Show Commands	168
10.2.1 show snmpcommunity	168
10.2.2 show snmptrap	169
10.2.3 show trapflags	169
Chapter 11 Port-Based Access and Authentication Commands	171
11.1 Port-Based Network Access Control Commands	171
11.1.1 authentication login	171
11.1.2 clear dot1x statistics	173
11.1.3 clear radius statistics	173
11.1.4 dot1x defaultlogin	173
11.1.5 dot1x initialize	173
11.1.6 dot1x login	173
11.1.7 dot1x max-req	174
11.1.8 dot1x port-control	174
11.1.9 dot1x port-control all	175
11.1.10 dot1x re-authenticate	175
11.1.11 dot1x re-authentication	176
11.1.12 dot1x system-auth-control	176
11.1.13 dot1x timeout	176
11.1.14 dot1x user	177
11.1.15 users defaultlogin	178
11.1.16 users login	178
11.1.17 show authentication	178
11.1.18 show authentication users	179
11.1.19 show dot1x	179
11.1.20 show dot1x users	183
11.1.21 show users authentication	183
11.2 RADIUS Commands	183
11.2.1 radius accounting mode	183
11.2.2 radius server host	184
11.2.3 radius server key	185
11.2.4 radius server msgauth	185
11.2.5 radius server primary	186
11.2.6 radius server retransmit	186
11.2.7 radius server timeout	186
11.2.8 show radius	187
11.2.9 show radius accounting	188
11.2.10 show radius statistics	189
Chapter 12 Port-Channel/LAG (802.3ad) Commands	191
12.1 Port-Channel Configuration Commands	191
12.1.1 addport	192
12.1.2 deleteport (Interface Config)	192
12.1.3 deleteport (Global Config)	192
12.1.4 port-channel	193
12.1.5 clear port-channel	193
12.1.6 port-channel staticcapability	193
12.1.7 port lacpmode	194
12.1.8 port lacpmode all	194
12.1.9 port-channel adminmode	194
12.1.10 port-channel name	195
12.1.11 port-channel linktrap	195
12.2 Port-Channel Show Commands	196
12.2.1 show port-channel	196
12.2.2 show port-channel	196
Chapter 13 IGMP Snooping Commands	199
13.1 IGMP Snooping Configuration Commands	199
13.1.1 ip igmpsnooping	199
13.1.2 ip igmpsnooping interfacemode	200
13.1.3 ip igmpsnooping groupmembership-interval	201
13.1.4 ip igmpsnooping maxresponse	202
13.1.5 ip igmpsnooping mcrtexpiretime	202
13.1.6 ip igmp mrouter	203
13.1.7 ip igmp mrouter interface	203
13.1.8 ip igmpsnooping unknown-multicast	204
13.2 IGMP Snooping Show Commands	204
13.2.1 show ip igmp	204
13.2.2 show ip igmp mrouter interface	206
13.2.3 show ip igmp mrouter vlan	206
13.2.4 show mac-address-table igmpsnooping	206
13.3 IGMP Querier Commands	207
13.3.1 ip igmpsnooping querier	208
13.3.2 ip igmpsnooping querier ip-address	208
13.3.3 ip igmpsnooping querier query-interval	209
13.3.4 show ip igmpsnooping querier	209
Chapter 14 Quality of Service (QoS) Commands	211
14.1 Class of Service (CoS) Commands (GSM7248 only)	212
14.1.1 classofservice dot1p-mapping	212
14.1.2 classofservice ip-precedence-mapping	212
14.1.3 classofservice ip-dscp-mapping	213
14.1.4 classofservice trust	213
14.1.5 cos-queue min-bandwidth	214
14.1.6 cos-queue strict	214
14.1.7 traffic-shape	215
14.1.8 show classofservice dot1p-mapping	215
14.1.9 show classofservice ip-precedence-mapping	215
14.1.10 show classofservice ip-dscp-mapping	216
14.1.11 show classofservice trust	216
14.1.12 show interfaces cos-queue	217
14.2 Differentiated Services (DiffServ) Commands	218
14.2.1 diffserv	219
14.3 DiffServ Class Commands (GSM7248 only)	219
14.3.1 class-map	220
14.3.2 class-map rename	221
14.3.3 match ethertype	221
14.3.4 match any	221
14.3.5 match class-map	221
14.3.6 match cos	222
14.3.7 match destination-address mac	223
14.3.8 match dstip	223
14.3.9 match dstl4port	223
14.3.10 match ip dscp	224
14.3.11 match ip precedence	224
14.3.12 match ip tos	225
14.3.13 match protocol	226
14.3.14 match source-address mac	226
14.3.15 match srcip	226
14.3.16 match srcl4port	227
14.3.17 match vlan	227
14.4 DiffServ Policy Commands (GSM7248 only)	227
14.4.1 policy-map	228
14.4.2 assign-queue	229
14.4.3 drop	229
14.4.4 conform-color	230
14.4.5 class	230
14.4.6 mark cos	231
14.4.7 mark ip-dscp	231
14.4.8 mark ip-precedence	232
14.4.9 police-simple	232
14.4.10 policy-map rename	233
14.5 DiffServ Service Commands (GSM7248 only)	233
14.5.1 service-policy	234
14.6 DiffServ Show Commands	235
14.6.1 show class-map (GSM7248 only)	235
14.6.2 show diffserv	236
14.6.3 show policy-map (GSM7248 only)	237
14.6.4 show diffserv service (GSM7248 only)	239
14.6.5 show diffserv service brief (GSM7248 only)	239
14.6.6 show policy-map interface (GSM7248 only)	240
14.6.7 show service-policy (GSM7248 only)	241
14.7 MAC Access Control List (ACL) Commands (GSM7248 only)	241
14.7.1 mac access-list extended	241
14.7.2 mac access-list extended rename	242
14.7.3 {deny\|permit}	242
14.7.4 mac access-group	244
14.7.5 show mac access-lists	244
14.8 IP Access Control List (ACL) Commands (GSM7248 only)	245
14.8.1 access-list	246
14.8.2 ip access-group	247
14.8.3 show ip access-lists	248
14.8.4 show access-lists	248
Chapter 15 System Maintenance Commands	251
15.1 System Information and Statistics Commands	251
15.1.1 show arp switch	252
15.1.2 show eventlog	252
15.1.3 show hardware	252
15.1.4 show interface	253
15.1.5 show interface ethernet	255
15.1.6 show logging	264
15.1.7 show mac-addr-table	264
15.1.8 clear mac-addr-table	265
15.1.9 show running-config	266
15.1.10 terminal length	266
15.1.11 show sysinfo	266
15.2 System Utility Commands	267
15.2.1 traceroute	267
15.2.2 clear config	268
15.2.3 clear counters	268
15.2.4 clear igmpsnooping	268
15.2.5 clear pass	268
15.2.6 enable passwd	268
15.2.7 clear port-channel	269
15.2.8 clear traplog	269
15.2.9 clear vlan	269
15.2.10 copy	269
15.2.11 logout	271
15.2.12 ping	271
15.2.13 reload	271
15.3 Logging Commands	272
15.3.1 logging buffered	272
15.3.2 logging buffered wrap	272
15.3.3 logging console	273
15.3.4 logging host	273
15.3.5 logging host remove	273
15.3.6 logging port	274
15.3.7 logging syslog	274
15.3.8 show logging	274
15.3.9 show logging buffered	276
15.3.10 clear logging buffered	276
15.3.11 show logging hosts	276
15.3.12 show logging traplogs	277
15.4 CLI Command Logging Command	277
15.4.1 logging cli-command	277
15.5 Configuration Scripting Commands	278
15.5.1 script apply	279
15.5.2 script delete	279
15.5.3 script list	279
15.5.4 show script	279
15.5.5 script validate	279
15.6 Packet Capture	280
15.6.1 capture transmit packet	280
15.6.2 capture receive packet	280
15.6.3 capture all packets	281
15.6.4 capture wrap	281
15.6.5 show capture packets	281
15.7 Dumping System Information	282
15.8 Setting the Output Length of show running-config	282
15.8.1 terminal length	282
15.8.2 terminal no length	282

Match case Limit results 1 per page

Command Line Interface Reference for the ProSafe 7200 Series Layer-2 Switches, Software Ver-

14-36

Quality of Service (QoS) Commands

v1.0, February 2007

•

Wildcard masking for ACLs operates differently from a subnet mask. A wildcard

mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has

ones (1's) in the bit positions that are used for the network address, and has zeros (0's)

for the bit positions that are not used. In contrast, a wildcard mask has (0’s) in a bit

position that must be checked. A ‘1’ in a bit position of the ACL mask indicates the

corresponding bit can be ignored.

14.8.1 access-list

This command creates an IP Access Control List (ACL) that is identified by the ACL

number

The IP ACL number is an integer from 1 to 99 for an IP standard ACL and from 100 to

199 for an IP extended ACL.

The IP ACL rule is specified with either a

permit or deny

action.

The protocol to filter for an IP ACL rule is specified by giving the protocol to be used like

cmp,igmp,ip,tcp,udp.

The command specifies a source IP address and source mask for match condition of the IP

ACL rule specified by the

srcip

and

srcmask

parameters.

The source layer 4 port match condition for the IP ACL rule is specified by the

port value

parameter. The range of values is from 0 to 65535.

The <

portvalue>

parameter uses a single keyword notation and currently has the values

domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp

, and

www

. Each

of these values translates into its equivalent port number, which is used as both the start

and end of a port range.

The command specifies a destination IP address and destination mask for match condition

of the IP ACL rule specified by the

dstip

and

dstmask

parameters.

The command specifies the TOS for an IP ACL rule depending on a match of precedence

or DSCP values using the parameters

dscp,

precedence

tos/tosmask

The command specifies the assign-queue which is the queue identifier to which packets

matching this rule are assigned.

Default

none

IP Standard ACL:

Format

access-list

<1-99> {deny | permit} {every | <srcip>

<srcmask>} [assign-queue <queue-id>]

Mode

Global Config