Home » Cisco Manuals » Hubs & Switches » Cisco ESW-540-8P » Manual Viewer

Cisco ESW-540-8P Administration Guide - Page 178

Traffic Class, Permit, Shutdown, Port Management

Get Cisco ESW-540-8P - ESW 8 Port 10/100/1000 PoE Switch PDF manuals and user guides

UPC - 882658304057

Add to My Manuals
Save this manual to your list of manuals

Page 178 highlights

Configuring Device Security Defining Access Control 5 • Source Port - Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop-down list. The possible field range is 0 - 65535. • Destination Port - Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List dropdown list. The possible field range is 0 - 65535. • TCP Flags - Filters packets by TCP EtherChannel. Filtered packets are either forwarded or dropped. Filtering packets by TCP EtherChannels increases packet control, which increases network security. • ICMP - Indicates if ICMP packets are permitted on the network. The possible field values are as follows: • ICMP Code - Indicates and ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. • IGMP - Filters packets by IGMP message or message types. • Source IP Address - Matches the source port IP address to which packets are addressed to the ACE. • Dest. IP Address - Matches the destination port IP address to which packets are addressed to the ACE. • Traffic Class - Indicates the traffic class to which the packet is matched. • Select either Match DSCP or Match IP: • Match DSCP - Matches the packet to the DSCP tag value. • Match IP Precedence - Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7. • Action - Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shutdown, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows: - Permit - Forwards packets which meet the ACL criteria. - Deny - Drops packets which meet the ACL criteria. - Shutdown - Drops packet that meets the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Management page. ESW 500 Series Switches Administration Guide 167

Section	Page
Cisco Small Business Pro	1
ADMINISTRATION GUIDE	1
Getting Started	12
Introduction	12
Typical Installation Methods	13
Default Configuration settings on the ESW 500 Series Switches	14
Physical Connectivity	14
Connecting to the Switch	17
Using the Default Static IP Address	17
Using a Dynamic IP Address Allocated to the Switch By DHCP	22
Using the Cisco Configuration Assistant (CCA)	24
Navigating The Cisco Switch Configuration Utility	29
Using the Management Buttons	29
Performing Common Configuration Tasks	30
Checking the Software Version	30
Checking the System Information	30
Viewing what Devices are Attached to the Switch	31
Configuring the VLAN Settings for the Switch	32
Configuring individual ports using Cisco Smartport Roles	33
Smartport Roles	34
Checking the Device Power Consumption	38
Saving the Configuration	40
Upgrading the Firmware on the Switch	41
Resetting the Device	46
Manual Reset	47
Logging Off the Device	47
Using The Switch Console Port	48
Selecting Menu Options and Actions	48
Managing Device Information	52
Understanding the Dashboards	52
Ports	59
Health and Monitoring	59
Common Tasks	60
Help	60
Defining System Information	60
Viewing Device Health	62
Resetting the Device	64
Managing Cisco Discovery Protocol	65
Defining the Bonjour Discovery Protocol	68
TCAM Utilization	70
Managing Smart Ports	72
Configuring Smart Ports for Desktops	73
Configuring Smart Ports for IP Phones and Desktops	77
Configuring Smart Ports for Access Points	80
Configuring Smart Ports for Switches	82
Configuring Smart Ports for Routers	84
Configuring Smart ports for Guests	87
Configuring Smart ports for Servers	89
Configuring Smart ports for Printers	91
Configuring Smart ports for VS Camera	94
Configuring Smart Ports for Other	96
Configuring System Time	99
Defining System Time	99
Defining SNTP Settings	103
Defining SNTP Authentication	105
Configuring Device Security	108
Passwords Management	108
Modifying the Local User Settings	110
Defining Authentication	111
Defining Profiles	111
Modifying an Authentication Profile	114
Mapping Authentication Profiles	115
Defining TACACS+	117
Modifying TACACS+ Settings	120
Defining RADIUS	122
Modifying RADIUS Server Settings	126
Defining Access Methods	127
Defining Access Profiles	128
Defining Profile Rules	131
Modifying Profile Rules	135
Defining Traffic Control	137
Defining Storm Control	138
Modifying Storm Control	140
Defining Port Security	141
Modifying Port Security	145
Defining 802.1x	146
Defining 802.1X Properties	147
Defining Port Authentication	149
Modifying 8021X Security	152
Defining Authentication	155
Modifying Authentication Settings	157
Authenticated Hosts	158
Defining Access Control	160
Defining MAC Based ACL	160
Adding Rule to MAC Based ACL	164
Modifying MAC Based ACL	166
Defining IP Based ACL	168
Modifying IP Based ACL	174
Adding an IP Based Rule	177
Defining ACL Binding	179
Modifying ACL Binding	180
Defining DoS Prevention	181
DoS Global Settings	181
Defining Martian Addresses	183
Defining DHCP Snooping	185
Defining DHCP Snooping Properties	186
Defining DHCP Snooping on VLANs	188
Defining Trusted Interfaces	189
Trusted Interface Table	190
Binding Addresses to the DHCP Snooping Database	191
Query By	192
Query Results	193
Defining IP Source Guard	195
Configuring IP Source Guard Properties	195
Defining IP Source Guard Interface Settings	197
Querying the IP Source Binding Database	199
TCAM Resources	200
Query By	201
Query Results	201
Defining Dynamic ARP Inspection	202
Defining ARP Inspection Properties	203
Defining ARP Inspection Trusted Interfaces	205
Defining ARP Inspection List	207
Static ARP Inspection Table	208
Adding a Binding List entry	209
Assigning ARP Inspection VLAN Settings	210
Enabled VLAN Table	211
Configuring Ports	213
Port Settings	213
Modifying Port Settings	215
Configuring VLANs	219
Defining VLAN Properties	220
Modifying VLANs	222
Defining VLAN Membership	223
Modifying VLAN Membership	224
Assigning Ports to Multiple VLANs	226
Defining Interface Settings	229
Modifying VLAN Interface Settings	230
Defining GVRP Settings	232
Modifying GVRP Settings	234
Defining Protocol Groups	236
Modifying Protocol Groups	237
Defining a Protocol Port	238
Configuring IP Information	241
IP Addressing	241
Defining DHCP Relay	243
Defining DHCP Relay Interfaces	245
Managing ARP	247
ARP Table	249
Modifying ARP Settings	250
Domain Name System	251
Defining DNS Servers	251
Default Parameters	252
DNS Server Details	253
Mapping DNS Hosts	253
Defining Address Tables	256
Defining Static Addresses	256
Defining Dynamic Addresses	259
Query By Section	261
Configuring Multicast Forwarding	262
IGMP Snooping	262
Modifying IGMP Snooping	264
Defining Multicast Group	266
Modifying a Multicast Group	268
Defining Multicast Forwarding	269
Modifying Multicast Forwarding	271
Defining Unregistered Multicast Settings	272
Configuring Spanning Tree	275
Defining STP Properties	275
Global Settings	276
Defining Spanning Tree Interface Settings	278
Modifying Interface Settings	282
Defining Rapid Spanning Tree	284
Modifying RTSP	287
Defining Multiple Spanning Tree	289
Defining MSTP Properties	290
Defining MSTP Instance to VLAN	291
Defining MSTP Instance Settings	293
Defining MSTP Interface Settings	294
Configuring Quality of Service	301
Managing QoS Statistics	302
Policer Statistics	302
Add Aggregated Policer Statistics	304
Resetting Aggregate Policer Statistics Counters	307
Queues Statistics	307
Adding Queues Statistics	309
Resetting Queue Statistics Counters	309
Defining General Settings	310
Defining CoS	310
Modifying Interface Priorities	312
Defining QoS Queue	313
Mapping CoS to Queue	316
Mapping DSCP to Queue	318
Configuring Bandwidth	319
Modifying Bandwidth Settings	320
Configuring VLAN Rate Limit	322
Modifying the VLAN Rate Limit	324
Defining Advanced QoS Mode	324
Configuring DSCP Mapping	325
Defining Class Mapping	327
Defining Aggregate Policer	329
Modifying QoS Aggregate Policer	331
Configuring Policy Table	332
Modifying the QoS Policy Profile	335
Defining Policy Binding	337
Modifying QoS Policy Binding Settings	339
Defining QoS Basic Mode	340
Rewriting DSCP Values	341
Configuring SNMP	343
SNMP Versions	343
SNMP v1 and v2	343
SNMP v3	343
Configuring SNMP Security	344
Defining the SNMP Engine ID	344
Defining SNMP Views	346
Defining SNMP Users	348
Modifying SNMP Users	350
Define SNMP Groups	351
Modifying SNMP Group Profile Settings	354
Defining SNMP Communities	355
Modifying SNMP Community Settings	358
Defining Trap Management	359
Defining Trap Settings	359
Configuring Station Management	361
Modifying SNMP Notifications	365
Defining SNMP Filter Settings	367
Managing Cisco Discovery Protocol	370
Managing System Files	373
Software Upgrade	374
Save Configuration	375
Copy Configuration	377
Via TFTP	378
Via HTTP	379
Active Image	379
DHCP Auto Configuration	381
Managing Power-over-Ethernet Devices	382
Defining PoE Settings	382
Managing System Logs	386
Enabling System Logs	386
Viewing the Device Memory Logs	388
Clearing Message Logs	389
Viewing the System Flash Logs	390
Clearing Flash Logs	391
Remote Log Servers	391
Modifying Syslog Server Settings	394
Viewing Statistics	397
Viewing Ethernet Statistics	397
Defining Interface Statistics	397
Resetting Interface Statistics Counters	399
Viewing Etherlike Statistics	399
Resetting Etherlike Statistics Counters	401
Viewing GVRP Statistics	401
Resetting GVRP Statistics Counters	403
Viewing EAP Statistics	403
Managing RMON Statistics	405
Viewing RMON Statistics	406
Resetting RMON Statistics Counters	408
Configuring RMON History	408
Defining RMON History Control	408
Modifying RMON History Settings	410
Viewing the RMON History Table	411
Defining RMON Events Control	413
Modifying RMON Event Log Settings	415
Viewing the RMON Events Logs	416
Defining RMON Alarms	417
Modifying RMON Alarm Settings	421
Aggregating Ports	424
Defining EtherChannel Management	425
Modifying LAG Membership	426
Defining EtherChannel Settings	427
Modifying EtherChannel Settings	429
Configuring LACP	431
Modify LACP Parameter Settings	433
Managing Device Diagnostics	434
Ethernet Port Testing	434
Performing GBIC Uplink Testing	437
Configure Span (Port Mirroring)	438

Match case Limit results 1 per page

Configuring Device Security

Defining Access Control

ESW 500 Series Switches Administration Guide

167

•

Source Port

— Defines the TCP/UDP source port to which the ACE is matched.

This field is active only if

800/6-TCP

800/17-UDP

are selected in the

Select

from List

drop-down list. The possible field range is 0 - 65535.

•

Destination Port

— Defines the TCP/UDP destination port. This field is active

only if

800/6-TCP

800/17-UDP

are selected in the

Select from List

drop-

down list. The possible field range is 0 - 65535.

•

TCP Flags

— Filters packets by TCP EtherChannel. Filtered packets are either

forwarded or dropped. Filtering packets by TCP EtherChannels increases

packet control, which increases network security.

•

ICMP

— Indicates if ICMP packets are permitted on the network. The possible

field values are as follows:

•

ICMP Code

— Indicates and ICMP message code for filtering ICMP packets.

ICMP packets that are filtered by ICMP message type can also be filtered by

the ICMP message code.

•

IGMP

— Filters packets by IGMP message or message types.

•

Source IP Address

— Matches the source port IP address to which packets are

addressed to the ACE.

•

Dest. IP Address

— Matches the destination port IP address to which packets

are addressed to the ACE.

•

Traffic Class

— Indicates the traffic class to which the packet is matched.

•

Select either

Match DSCP

Match IP

•

Match DSCP

— Matches the packet to the DSCP tag value.

•

Match IP Precedence

— Matches the packet IP Precedence value to the

ACE. Either the DSCP value or the IP Precedence value is used to match

packets to ACLs. The possible field range is 0-7.

•

Action

— Indicates the action assigned to the packet matching the ACL.

Packets are forwarded or dropped. In addition, the port can be shutdown, a

trap can be sent to the network administrator, or packet is assigned rate

limiting restrictions for forwarding. The options are as follows:

Permit

— Forwards packets which meet the ACL criteria.

Deny

— Drops packets which meet the ACL criteria.

Shutdown

— Drops packet that meets the ACL criteria, and disables the

port to which the packet was addressed. Ports are reactivated from the

Port Management

page.