Home » Netgear Manuals » Hubs & Switches » Netgear GSM7248v1 » Manual Viewer

Netgear GSM7248v1 GSM7224 Administration manual - Page 73

Access Control Lists (ACLs), Overview, Limitations, MAC ACLs

Add to My Manuals
Save this manual to your list of manuals

Page 73 highlights

Chapter 9 Access Control Lists (ACLs) This section describes the Access Control Lists (ACLs) feature. Overview Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or to specific resources on your network. You can set up ACLs to control traffic at Layer 2, or Layer3. MAC ACLs are used for Layer 2. IP ACLs are used for Layers 3. Each ACL contains a set of rules that apply to inbound traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and may apply to one or more of the fields within a packet. Limitations The following limitations apply to ACLs. These limitations are platform dependent. • Maximum of 100 ACLs • Maximum rules per ACL is 8-10 • Stacking systems do not support redirection The system does not support MAC ACLs and IP ACLs on the same interface. The system supports ACLs set up for inbound traffic only. MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet (limited by platform): • Source MAC address with mask 9-1 v1.0, Jan 2007

Section	Page
NETGEAR 7000 Series Managed Switch Administration Guide Version 6.0	1
Contents	5
About This Manual	13
Conventions, Formats and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Introduction	17
Document Organization	17
Audience	18
CLI Documentation	19
Related Documentation	19
Chapter 2 Getting Started	21
In-band and Out-of-band Connectivity	21
Configuring for In-band Connectivity	21
Using BootP or DHCP	21
Using the EIA-232 Port	22
Configuring for Out-Of-Band Connectivity	23
Starting the Switch	24
Initial Configuration	24
Initial Configuration Procedure	25
Software Installation	26
Quick Starting the Networking Device	26
System Information and System Setup	26
Chapter 3 Using Ezconfig for Switch Setup	31
Changing the Password	32
Setting Up the Switch IP Address	32
Assigning Switch Name and Location Information	33
Saving the Configuration	33
Chapter 4 Using the Web Interface	35
Configuring for Web Access	35
Starting the Web Interface	36
Web Page Layout	36
Configuring an SNMP V3 User Profile	36
Command Buttons	37
Chapter 5 Virtual LANs	39
VLAN Configuration Example	40
CLI Examples	40
Example #1: Create Two VLANs	40
Example #2: Assign Ports to VLAN2	41
Example #3: Assign Ports to VLAN3	41
Example #4: Assign VLAN3 as the Default VLAN	41
Graphical User Interface	42
Chapter 6 Link Aggregation	43
CLI Example	43
Example 1: Create two LAGS:	45
Example 2: Add the ports to the LAGs:	46
Example 3: Enable both LAGs.	46
Chapter 7 IP Routing Services	47
Port Routing	47
Port Routing Configuration	48
CLI Examples	49
Example 1. Enabling routing for the Switch	49
Example 2. Enabling Routing for Ports on the Switch	50
VLAN Routing	50
VLAN Routing Configuration	51
CLI Examples	51
Example 1: Create Two VLANs	52
Example 2: Set Up VLAN Routing for the VLANs and the Switch.	52
VLAN Routing RIP Configuration	53
CLI Example	54
VLAN Routing OSPF Configuration	56
CLI Example	56
Routing Information Protocol	58
RIP Configuration	58
CLI Example	59
Example #1: Enable Routing for the Switch:	59
Example #2: Enable Routing for Ports	60
Example #3. Enable RIP for the Switch	60
Example #4. Enable RIP for ports 1/0/2 and 1/0/3	61
OSPF	61
CLI Examples	62
Example #1 Configuring an Inter-Area Router	63
Example #2 - Configuring OSPF on a Border Router	65
Proxy Address Resolution Protocol (ARP)	67
Overview	67
CLI Examples	68
Example #1: show ip interface	68
Example #2: ip proxy-arp	68
Chapter 8 Virtual Router Redundancy Protocol	69
CLI Examples	70
Chapter 9 Access Control Lists (ACLs)	73
Overview	73
Limitations	73
MAC ACLs	73
Configuring IP ACLs	74
Process	75
IP ACL CLI Example	75
MAC ACL CLI Examples	76
Example #1: mac access list	77
Example #2: permit any	78
Example #3 Configure mac access-group	79
Example #4 permit	80
Example #5: show mac access-lists	81
Chapter 10 Class of Service (CoS) Queuing	83
Overview	83
CoS Queue Mapping	83
Trusted Ports	83
Untrusted Ports	84
CoS Queue Configuration	84
Port Egress Queue Configuration	84
Drop Precedence Configuration (per Queue)	85
Per Interface Basis	85
CLI Examples	85
Example #1: show classofservice trust	86
Example #2: set classofservice trust mode	86
Example #3: show classofservice ip-precedence mapping	87
Example #4: Config Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	87
Example #5: Set CoS Trust Mode of an Interface	88
Traffic Shaping	88
CLI Example	88
Example #1 traffic-shape	89
Chapter 11 Differentiated Services	91
CLI Example	92
DiffServ for VoIP Configuration Example	94
Chapter 12 IGMP Snooping	97
Overview	97
CLI Examples	97
Example #1: Enable IGMP Snooping	97
Example #2: show igmpsnooping	98
Example #3: show mac-address-table igmpsnooping	98
Chapter 13 Port Security	99
Overview	99
Operation	100
CLI Examples	101
Example #1: show port security	101
Example #2: show port security on a specific interface	101
Example #3: (Config) port security	101
Chapter 14 Traceroute	103
CLI Example	104
Chapter 15 Configuration Scripting	105
Overview	105
Considerations	105
CLI Examples	105
Example #1: script	106
Example #2: script list and script delete	106
Example #3: script apply running-config.scr	106
Example #4: Creating a Configuration Script	107
Example #5: Upload a Configuration Script	107
Chapter 16 Outbound Telnet	109
Overview	109
CLI Examples	109
Example #1: show network	110
Example #2: show telnet	110
Example #3: transport output telnet	111
Example #4: session-limit and session-timeout	111
Chapter 17 Port Mirroring	113
Overview	113
CLI Examples	113
Example #1: show monitor session	114
Example #2: show port all	114
Example #3: show port interface	114
Example #4: (Config) monitor session 1 mode	115
Example #5: (Config) monitor session 1 source interface	116
Example #6: (Interface) port security	116
Chapter 18 Simple Network Time Protocol (SNTP)	117
Overview	117
CLI Examples	117
Example #1: show sntp	117
Example #2: show sntp client	118
Example #3: show sntp server	118
Example #4: Configure SNTP	118
Example #5: Setting Time Zone	120
Example #6: Setting Named SNTP Server	120
Chapter 19 Managing Switch Stacks	121
Understanding Switch Stacks	122
Switch Stack Membership	123
Switch Stack Cabling (FSM73xxS)	124
Stack Master Election and Re-Election	125
Stack Member Numbers	125
Stack Member Priority Values	126
Switch Stack Offline Configuration	126
Effects of Adding a Preconfigured Switch to a Switched Stack	126
Effects of Replacing a Preconfigured Switch in a Switch Stack	127
Effects of Removing a Preconfigured Switch from a Switch Stack	127
Switch Stack Software Compatibility Recommendations	128
Incompatible Software and Stack Member Image Upgrades	128
Switch Stack Configuration Files	128
Switch Stack Management Connectivity	129
Connectivity to the Switch Stack Through Console Ports	129
Connectivity to the Switch Stack Through Telnet	129
Switch Stack Configuration Scenarios	129
Stacking Recommendations	131
General Practices	131
Initial installation and Power-up of a Stack	132
Removing a Unit from the Stack	132
Adding a Unit to an Operating Stack	133
Replacing a Stack Member with a New Unit	133
Renumbering Stack Members	134
Moving a Master to a Different Unit in the Stack	134
Removing a Master Unit from an Operating Stack	134
Merging Two Operational Stacks	135
Preconfiguration	135
Upgrading Firmware	135
Migration of Configuration With a Firmware Upgrade	136
Code Mismatch	137
Chapter 20 Pre-Login Banner	139
Overview	139
CLI Example	139
Chapter 21 Syslog	141
Overview	141
Persistent Log Files	141
Interpreting Log Files	142
CLI Examples	142
Example #1: show logging	143
Example #2: show logging buffered	143
Example #3: show logging traplogs	144
Example 4: show logging hosts	144
Example #5: logging port configuration	145
Chapter 22 IGMP Querier	147
CLI Examples	148
Example 1: Enable IGMP Querier	148

Match case Limit results 1 per page

9-1

v1.0, Jan 2007

Chapter 9

Access Control Lists (ACLs)

This section describes the Access Control Lists (ACLs) feature.

Overview

Access Control Lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a

firewall router or in a router connecting two internal networks. When you configure ACLs, you

can selectively admit or reject inbound traffic, thereby controlling access to your network or to

specific resources on your network.

You can set up ACLs to control traffic at Layer 2, or Layer3. MAC ACLs are used for Layer 2. IP

ACLs are used for Layers 3.

Each ACL contains a set of rules that apply to inbound traffic. Each rule specifies whether the

contents of a given field should be used to permit or deny access to the network, and may apply to

one or more of the fields within a packet.

Limitations

The following limitations apply to ACLs. These limitations are platform dependent.

•

Maximum of 100 ACLs

•

Maximum rules per ACL is 8-10

•

Stacking systems do not support redirection

The system does not support MAC ACLs and IP ACLs on the same interface.

The system supports ACLs set up for inbound traffic only.

MAC ACLs

MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a

packet (limited by platform):

•

Source MAC address with mask