Home » Netgear Manuals » Hubs & Switches » Netgear GSM7248R » Manual Viewer

Netgear GSM7248R CLI Reference Manual - for 7200RS Series Layer-2 Stackable Sw - Page 250

access-list

Add to My Manuals
Save this manual to your list of manuals

Page 250 highlights

Command Line Interface Reference for the ProSafe 7200RS Series Layer-2 Stackable Switches 13.8.1 access-list This command creates an IP Access Control List (ACL) that is identified by the ACL number. The IP ACL number is an integer from 1 to 99 for an IP standard ACL and from 100 to 199 for an IP extended ACL. The IP ACL rule is specified with either a permit or deny action. The protocol to filter for an IP ACL rule is specified by giving the protocol to be used like icmp,igmp,ip,tcp,udp. The command specifies a source IP address and source mask for match condition of the IP ACL rule specified by the srcip and srcmask parameters. The source layer 4 port match condition for the IP ACL rule is specified by the port value parameter. The range of values is from 0 to 65535. The parameter uses a single keyword notation and currently has the values of domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www. Each of these values translates into its equivalent port number, which is used as both the start and end of a port range. The command specifies a destination IP address and destination mask for match condition of the IP ACL rule specified by the dstip and dstmask parameters. The command specifies the TOS for an IP ACL rule depending on a match of precedence or DSCP values using the parameters dscp, precedence, tos/tosmask. The command specifies the TCP flags for an IP ACL rule depending on a TCP flag match. Supported options are: • URG (Urgent Pointer Flag)-identifies incoming data as urgent • ACK (Acknowledgement Flag)-Acknowledges successful receipt of packets • PSH (Push Flag)-Ensures that the data is given priority • RST (Reset Flag)-Used when a segment arrives that is not intended for the current connection • SYM (Synchronization Flag)-Initially sent when establishing a 3-way handshake • FIN (FIN Flag)-Used to tear down virtual connections The command specifies the assign-queue which is the queue identifier to which packets matching this rule are assigned. Default none 13-34 Quality of Service (QoS) Commands v1.0, October 2008

Section	Page
Command Line Interface Reference for the ProSafe 7200RS Series Layer-2 Stackable Switches with Static Routing, Software Version 7.3	1
Contents	5
Chapter 1 About This Manual	27
1.1 Audience	27
1.2 Scope	27
1.3 Typographical Conventions	28
1.4 Special Message Formats	28
1.5 How to Use This Manual	29
1.6 How to Print this Manual	29
1.7 Revision History	30
Chapter 2 Overview	31
2.1 Product Concept	31
2.2 Using the Command-Line Interface	32
2.2.1 Command Syntax	32
2.2.2 Command Conventions	33
2.2.3 Unit-Slot-Port Naming Convention	35
2.2.4 Using the “No” Form of a Command	35
2.2.5 Command Modes	36
2.2.6 Entering CLI Commands	38
2.2.7 Using CLI Help	40
2.2.8 Accessing the CLI	41
Chapter 3 Administrative Access Commands	43
3.1 Network Interface Commands	43
3.1.1 enable	43
3.1.2 network parms (parameter)	44
3.1.3 network mgmt_vlan	44
3.1.4 network protocol	44
3.1.5 show network	45
3.2 Configuring the Switch Management CPU (ezconfig)	46
3.3 Console Port Access Commands	48
3.3.1 configuration	48
3.3.2 lineconfig	48
3.3.3 serial baudrate	49
3.3.4 serial timeout	49
3.3.5 show serial	50
3.4 Telnet Commands	51
3.4.1 telnet	51
3.4.2 transport input telnet	51
3.4.3 transport output telnet	52
3.4.4 session-limit	52
3.4.5 session-timeout	53
3.4.6 telnetcon maxsessions	53
3.4.7 telnetcon timeout	54
3.4.8 show telnet	54
3.4.9 show telnetcon	55
3.5 Secure Shell (SSH) Command	56
3.5.1 ip ssh	56
3.5.2 ip ssh protocol	56
3.5.3 sshcon maxsessions	57
3.5.4 sshcon timeout	57
3.5.5 show ip ssh	58
3.6 Hypertext Transfer Protocol (HTTP) Commands	58
3.6.1 ip http secure-port	58
3.6.2 ip http secure-protocol	59
3.6.3 ip http secure-server	59
3.6.4 ip http server	59
3.6.5 ip http java	60
3.6.6 ip http session hard-timeout	60
3.6.7 ip http session maxsessions	60
3.6.8 ip http session soft-timeout	61
3.6.9 ip http secure-session hard-timeout	61
3.6.10 ip http secure-session maxsessions	62
3.6.11 ip http secure-session soft-timeout	62
3.6.12 network javamode	62
3.6.13 show ip http	63
3.7 User Account Commands	64
3.7.1 users name	64
3.7.2 users passwd	65
3.7.3 users snmpv3 accessmode	65
3.7.4 users snmpv3 authentication	66
3.7.5 users snmpv3 encryption	66
3.7.6 show loginsession	67
3.7.7 show users	67
3.7.8 disconnect	68
Chapter 4 Port and System Setup Commands	69
4.1 Port Configuration Commands	69
4.1.1 interface	69
4.1.2 interface range	70
4.1.3 interface vlan	70
4.1.4 interface lag	70
4.1.5 auto-negotiate	70
4.1.6 auto-negotiate all	71
4.1.7 description	71
4.1.8 mtu	72
4.1.9 shutdown	72
4.1.10 shutdown all	73
4.1.11 speed	73
4.1.12 speed all	74
4.1.13 monitor session	74
4.1.14 no monitor	75
4.1.15 show monitor session	75
4.1.16 show port	76
4.1.17 show port description	76
4.1.18 show port protocol	77
4.1.19 show port status	77
4.2 Pre-login Banner and System Prompt Commands	78
4.2.1 copy	78
4.2.2 set prompt	78
4.3 Simple Network Time Protocol (SNTP) Commands	79
4.3.1 sntp broadcast client poll-interval	79
4.3.2 sntp client mode	79
4.3.3 sntp client port	80
4.3.4 sntp unicast client poll-interval	80
4.3.5 sntp unicast client poll-timeout	80
4.3.6 sntp unicast client poll-retry	81
4.3.7 sntp multicast client poll-interval	81
4.3.8 sntp server	82
4.3.9 show sntp	82
4.3.10 show sntp client	82
4.3.11 show sntp server	83
4.3.12 clock timezone	84
4.4 MAC Address and MAC Database Commands	85
4.4.1 network mac-address	85
4.4.2 network mac-type	85
4.4.3 macfilter	86
4.4.4 macfilter adddest	86
4.4.5 macfilter adddest all	87
4.4.6 macfilter addsrc	87
4.4.7 macfilter addsrc all	88
4.4.8 bridge aging-time	89
4.4.9 show forwardingdb agetime	90
4.4.10 show mac-address-table multicast	90
4.4.11 show mac-address-table static	91
4.4.12 show mac-address-table stats	91
4.5 DNS Client Commands	92
4.5.1 ip domain-lookup	93
4.5.2 ip domain-name	93
4.5.3 ip name-server	93
4.5.4 ip host	94
4.5.5 clear host	94
4.5.6 show hosts	94
Chapter 5 Spanning Tree Protocol Commands	95
5.1 STP Configuration Commands	95
5.1.1 spanning-tree	95
5.1.2 spanning-tree bpdumigrationcheck	96
5.1.3 spanning-tree configuration name	96
5.1.4 spanning-tree configuration revision	97
5.1.5 spanning-tree edgeport	97
5.1.6 spanning-tree edgeport all	97
5.1.7 spanning-tree forceversion	98
5.1.8 spanning-tree forward-time	98
5.1.9 spanning-tree hello-time	99
5.1.10 spanning-tree max-age	99
5.1.11 spanning-tree max-hops	100
5.1.12 spanning-tree mst	100
5.1.13 spanning-tree mst instance	101
5.1.14 spanning-tree mst priority	102
5.1.15 spanning-tree mst vlan	103
5.1.16 spanning-tree port mode	103
5.1.17 spanning-tree port mode all	103
5.1.18 spanning-tree bpduforwarding	104
5.2 STP Show Commands	104
5.2.1 show spanning-tree	104
5.2.2 show spanning-tree summary	106
5.2.3 show spanning-tree interface	107
5.2.4 show spanning-tree mst port detailed	108
5.2.5 show spanning-tree mst port summary	110
5.2.6 show spanning-tree mst summary	110
5.2.7 show spanning-tree vlan	111
Chapter 6 VLAN Commands	113
6.1 VLAN Configuration Commands	113
6.1.1 vlan association mac	113
6.1.2 vlan database	114
6.1.3 network mgmt_vlan	114
6.1.4 vlan	114
6.1.5 vlan acceptframe	115
6.1.6 vlan ingressfilter	115
6.1.7 vlan makestatic	116
6.1.8 vlan name	116
6.1.9 vlan participation	116
6.1.10 vlan participation all	117
6.1.11 vlan port acceptframe all	117
6.1.12 vlan port pvid all	118
6.1.13 vlan port tagging all	118
6.1.14 vlan port ingressfilter all	119
6.1.15 vlan protocol group	119
6.1.16 vlan protocol group add protocol	120
6.1.17 vlan protocol group remove	120
6.1.18 protocol group	120
6.1.19 protocol vlan group	121
6.1.20 protocol vlan group all	121
6.1.21 vlan pvid	122
6.1.22 vlan tagging	122
6.2 VLAN Show Commands	123
6.2.1 show vlan	123
6.2.2 show vlan <vlan_id>	123
6.2.3 show vlan association mac	125
6.2.4 show vlan port	125
6.3 Double VLAN Commands	126
6.3.1 dvlan-tunnel etherType	126
6.3.2 mode dot1q-tunnel	126
6.3.3 mode dvlan-tunnel	127
6.3.4 show dot1q-tunnel	128
6.3.5 show dot1q-tunnel interface	128
6.3.6 show dvlan-tunnel	129
6.3.7 show dvlan-tunnel interface	129
6.4 Provisioning (IEEE 802.1p) Commands	129
6.4.1 vlan port priority all	130
6.4.2 vlan priority	130
Chapter 7 DHCP Commands	131
7.1 ip dhcp pool	132
7.1.1 client-identifier	132
7.1.2 client-name	133
7.1.3 default-router	133
7.1.4 dns-server	133
7.1.5 hardware-address	134
7.1.6 host	134
7.1.7 lease	135
7.1.8 network	135
7.1.9 bootfile	135
7.1.10 domain-name	136
7.1.11 netbios-name-server	136
7.1.12 netbios-node-type	137
7.1.13 next-server	137
7.1.14 option	138
7.2 DHCP Server Commands (Global Config Mode)	138
7.2.1 ip dhcp excluded-address	138
7.2.2 ip dhcp ping packets	139
7.2.3 service dhcp	139
7.2.4 ip dhcp bootp automatic	140
7.2.5 ip dhcp conflict logging	140
7.3 DHCP Server Clear and Show Commands	141
7.3.1 clear ip dhcp binding	141
7.3.2 clear ip dhcp server statistics	141
7.3.3 clear ip dhcp conflict	141
7.3.4 show ip dhcp binding	141
7.3.5 show ip dhcp global configuration	142
7.3.6 show ip dhcp pool configuration	142
7.3.7 show ip dhcp server statistics	143
7.3.8 show ip dhcp conflict	144
7.4 DHCP and BOOTP Relay Commands	144
7.4.1 ip dhcp relay information option	145
7.4.2 bootpdhcprelay	145
7.4.3 bootpdhcprelay maxhopcount	146
7.4.4 bootpdhcprelay minwaittime	146
7.4.5 bootpdhcprelay serverip	147
7.4.6 show bootpdhcprelay	147
7.4.7 bootpdhcprelay backup-serverip	148
Chapter 8 GARP, GVRP, and GMRP Commands	149
8.1 set garp timer join	149
8.1.1 set garp timer leave	150
8.1.2 set garp timer leaveall	151
8.1.3 show garp	151
8.2 GVRP Commands	152
8.2.1 set gvrp adminmode	152
8.2.2 set gvrp interfacemode	152
8.2.3 show gvrp configuration	153
8.3 GMRP Commands	154
8.3.1 set gmrp adminmode	154
8.3.2 set gmrp interfacemode	155
8.3.3 show gmrp configuration	155
8.3.4 show mac-address-table gmrp	157
Chapter 9 Port-Based Traffic Control Commands	159
9.1 Port Security Commands	159
9.1.1 port-security	159
9.1.2 port-security max-dynamic	160
9.1.3 port-security max-static	161
9.1.4 port-security mac-address	161
9.1.5 port-security mac-address move	161
9.1.6 show port-security	162
9.1.7 show port-security	162
9.1.8 show port-security dynamic	162
9.1.9 show port-security static	162
9.1.10 show port-security violation	163
9.2 Storm Control Commands	163
9.2.1 storm-control broadcast	163
9.2.2 storm-control multicast all	164
9.2.3 storm-control unicast all	164
9.2.4 storm-control broadcast	165
9.2.5 storm-control multicast	165
9.2.6 storm-control unicast	166
9.2.7 storm-control flowcontrol	166
9.2.8 show storm-control	167
9.3 Protected Port Commands	167
9.3.1 switchport protected	167
9.3.2 show switchport protected	168
9.4 Private Group Commands	168
9.4.1 switchport private-group	168
9.4.2 no switchport private group	169
9.4.3 private-group name	169
9.4.4 no private-group name	169
9.4.5 show private-group	170
Chapter 10 SNMP Commands	171
10.1 SNMP Configuration Commands	171
10.1.1 snmp-server	171
10.1.2 snmp-server community	172
10.1.3 snmp-server community ipaddr	172
10.1.4 snmp-server community ipmask	173
10.1.5 snmp-server community mode	173
10.1.6 snmp-server community ro	174
10.1.7 snmp-server community rw	174
10.1.8 snmp-server traps violation	174
10.1.9 snmp-server traps	175
10.1.10 snmp-server traps bcaststorm	175
10.1.11 snmp-server traps linkmode	176
10.1.12 snmp-server traps multiusers	176
10.1.13 snmp-server traps stpmode	176
10.1.14 snmptrap	177
10.1.15 snmptrap snmpversion	178
10.1.16 snmptrap ipaddr	178
10.1.17 snmptrap mode	178
10.1.18 snmp trap link-status	179
10.1.19 snmp trap link-status all	179
10.2 SNMP Show Commands	180
10.2.1 show snmpcommunity	180
10.2.2 show snmptrap	181
10.2.3 show trapflags	181
Chapter 11 Port-Based Access and Authentication Commands	183
11.1 Port-Based Network Access Control Commands	183
11.1.1 authentication login	183
11.1.2 clear dot1x statistics	185
11.1.3 clear radius statistics	185
11.1.4 dot1x defaultlogin	185
11.1.5 dot1x initialize	185
11.1.6 dot1x login	185
11.1.7 dot1x max-req	186
11.1.8 dot1x port-control	186
11.1.9 dot1x port-control all	187
11.1.10 dot1x re-authenticate	187
11.1.11 dot1x re-authentication	188
11.1.12 dot1x system-auth-control	188
11.1.13 dot1x timeout	188
11.1.14 dot1x port-method	190
11.1.15 dot1x user	190
11.1.16 users defaultlogin	190
11.1.17 users login	191
11.1.18 show authentication	191
11.1.19 show authentication users	191
11.1.20 show dot1x	192
11.1.21 show dot1x users	195
11.1.22 show users authentication	195
11.2 RADIUS Commands	196
11.2.1 radius accounting mode	196
11.2.2 radius server host	196
11.2.3 radius server key	197
11.2.4 radius server msgauth	198
11.2.5 radius server primary	198
11.2.6 radius server retransmit	198
11.2.7 radius server timeout	199
11.2.8 show radius	199
11.2.9 show radius accounting	200
11.2.10 show radius statistics	201
11.3 802.1x Option 81 Commands	203
11.3.1 radius server attribute 4	203
11.3.2 no radius server attribute 4	203
11.3.3 authorization network radius	203
11.3.4 no authorization network radius	204
11.4 TACAS+ Commands	204
11.4.1 tacads-server host	204
11.4.2 no tacacs-server host	204
11.4.3 tacacs-server key	205
11.4.4 no tacacs-server key	205
11.4.5 tacacs-server timeout	205
11.4.6 no tacacs-server timeout	205
11.4.7 key	206
11.4.8 port	206
11.4.9 priority	206
11.4.10 timeout	206
11.4.11 show tacacs	206
Chapter 12 Port-Channel/LAG (802.3ad) Commands	209
12.1 Port-Channel Configuration Commands	209
12.1.1 addport	210
12.1.2 deleteport (Interface Config)	210
12.1.3 deleteport (Global Config)	210
12.1.4 port-channel	210
12.1.5 clear port-channel	211
12.1.6 port lacpmode	211
12.1.7 port lacpmode all	211
12.1.8 port-channel adminmode	212
12.1.9 port-channel name	212
12.1.10 port-channel linktrap	212
12.1.11 hashing-mode	213
12.2 Port-Channel Show Commands	213
12.2.1 show port-channel	214
12.2.2 show port-channel	214
Chapter 13 Quality of Service (QoS) Commands	217
13.1 Class of Service (CoS) Commands	217
13.1.1 classofservice dot1p-mapping	218
13.1.2 classofservice ip-precedence-mapping	218
13.1.3 classofservice ip-dscp-mapping	219
13.1.4 classofservice trust	219
13.1.5 cos-queue min-bandwidth	220
13.1.6 cos-queue strict	220
13.1.7 traffic-shape	220
13.1.8 show classofservice dot1p-mapping	221
13.1.9 show classofservice ip-precedence-mapping	221
13.1.10 show classofservice ip-dscp-mapping	222
13.1.11 show classofservice trust	222
13.1.12 show interfaces cos-queue	222
13.2 Differentiated Services (DiffServ) Commands	223
13.2.1 diffserv	224
13.3 DiffServ Class Commands	225
13.3.1 class-map	225
13.3.2 class-map rename	226
13.3.3 match ethertype	226
13.3.4 match any	227
13.3.5 match class-map	227
13.3.6 match cos	228
13.3.7 match destination-address mac	228
13.3.8 match dstip	228
13.3.9 match dstl4port	228
13.3.10 match ip dscp	229
13.3.11 match ip precedence	229
13.3.12 match ip tos	230
13.3.13 match protocol	230
13.3.14 match source-address mac	231
13.3.15 match srcip	231
13.3.16 match srcl4port	231
13.3.17 match vlan	232
13.4 DiffServ Policy Commands	232
13.4.1 policy-map	233
13.4.2 assign-queue	233
13.4.3 drop	234
13.4.4 conform-color	234
13.4.5 class	234
13.4.6 mark cos	235
13.4.7 mark ip-dscp	236
13.4.8 mark ip-precedence	236
13.4.9 police-simple	236
13.4.10 policy-map rename	237
13.5 DiffServ Service Commands	237
13.5.1 service-policy	237
13.6 DiffServ Show Commands	238
13.6.1 show class-map	239
13.6.2 show diffserv	239
13.6.3 show policy-map	240
13.6.4 show diffserv service	243
13.6.5 show diffserv service brief	243
13.6.6 show policy-map interface	244
13.6.7 show service-policy	244
13.7 MAC Access Control List (ACL) Commands	245
13.7.1 mac access-list extended	245
13.7.2 mac access-list extended rename	246
13.7.3 {deny\|permit}	246
13.7.4 mac access-group	248
13.7.5 show mac access-lists	248
13.8 IP Access Control List (ACL) Commands	249
13.8.1 access-list	250
13.8.2 ip access-group	251
13.8.3 show ip access-lists	252
13.8.4 show access-lists	253
Chapter 14 Routing Commands	255
14.1 Address Resolution Protocol (ARP) Commands	255
14.1.1 arp	256
14.1.2 ip proxy-arp	256
14.1.3 arp cachesize	257
14.1.4 arp dynamicrenew	257
14.1.5 arp purge	257
14.1.6 arp resptime	257
14.1.7 arp retries	258
14.1.8 arp timeout	258
14.1.9 clear arp-cache	259
14.1.10 show arp	259
14.1.11 show arp brief	260
14.2 IP Routing Commands	261
14.2.1 routing	261
14.2.2 ip routing	261
14.2.3 ip address	262
14.2.4 ip route	262
14.2.5 ip route default	263
14.2.6 ip route distance	263
14.2.7 ip forwarding	264
14.2.8 ip mtu	264
14.2.9 encapsulation	265
14.2.10 clear ip route all	266
14.2.11 show ip	266
14.2.12 show ip interface	267
14.2.13 show ip interface	268
14.2.14 show ip route	268
14.2.15 show ip route bestroutes	269
14.2.16 show ip route entry	269
14.2.17 show ip route preferences	270
14.2.18 show ip stats	271
14.3 Virtual LAN Routing Commands	271
14.3.1 vlan routing	271
14.3.2 show ip vlan	271
14.4 Virtual Router Redundancy Protocol (VRRP) Commands	272
14.4.1 ip vrrp	273
14.4.2 ip vrrp	273
14.4.3 ip vrrp mode	274
14.4.4 ip vrrp ip	274
14.4.5 ip vrrp authentication	274
14.4.6 ip vrrp preempt	275
14.4.7 ip vrrp priority	275
14.4.8 ip vrrp timers advertise	276
14.4.9 show ip vrrp interface stats	276
14.4.10 show ip vrrp	278
14.4.11 show ip vrrp interface	278
14.4.12 show ip vrrp interface <unit/slot/port>	279
14.5 Open Shortest Path First (OSPF) Commands	279
14.5.1 router ospf	280
14.5.2 enable (OSPF)	280
14.5.3 ip ospf	280
14.5.4 1583compatibility	281
14.5.5 area default-cost	281
14.5.6 area nssa	281
14.5.7 area nssa default-info-originate	282
14.5.8 area nssa no-redistribute (OSPF)	282
14.5.9 area nssa no-summary (OSPF)	282
14.5.10 area nssa translator-role (OSPF)	282

Match case Limit results 1 per page

Command Line Interface Reference for the ProSafe 7200RS Series Layer-2 Stackable Switches

13-34

Quality of Service (QoS) Commands

v1.0, October 2008

13.8.1 access-list

This command creates an IP Access Control List (ACL) that is identified by the ACL

number

The IP ACL number is an integer from 1 to 99 for an IP standard ACL and from 100 to

199 for an IP extended ACL.

The IP ACL rule is specified with either a

permit or deny

action.

The protocol to filter for an IP ACL rule is specified by giving the protocol to be used like

cmp,igmp,ip,tcp,udp.

The command specifies a source IP address and source mask for match condition of the IP

ACL rule specified by the

srcip

and

srcmask

parameters.

The source layer 4 port match condition for the IP ACL rule is specified by the

port value

parameter. The range of values is from 0 to 65535.

The <

portvalue>

parameter uses a single keyword notation and currently has the values

domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp

, and

www

. Each

of these values translates into its equivalent port number, which is used as both the start

and end of a port range.

The command specifies a destination IP address and destination mask for match condition

of the IP ACL rule specified by the

dstip

and

dstmask

parameters.

The command specifies the TOS for an IP ACL rule depending on a match of precedence

or DSCP values using the parameters

dscp,

precedence

tos/tosmask

The command specifies the TCP flags for an IP ACL rule depending on a TCP flag match.

Supported options are:

•

URG (Urgent Pointer Flag)—identifies incoming data as urgent

•

ACK (Acknowledgement Flag)—Acknowledges successful receipt of packets

•

PSH (Push Flag)—Ensures that the data is given priority

•

RST (Reset Flag)—Used when a segment arrives that is not intended for the current

connection

•

SYM (Synchronization Flag)—Initially sent when establishing a 3-way handshake

•

FIN (FIN Flag)—Used to tear down virtual connections

The command specifies the assign-queue which is the queue identifier to which packets

matching this rule are assigned.

Default

none