Home » Netgear Manuals » Hubs & Switches » Netgear M4100-26G » Manual Viewer

Netgear M4100-26G CLI Manual - Page 481

ip access-group

Add to My Manuals
Save this manual to your list of manuals

Page 481 highlights

ProSafe M4100 and M7100 Managed Switches Note: The mirror parameter allows traffic matching this rule to be copied to the specified , while the redirect parameter allows traffic matching this rule to be forwarded to the specified . The assign-queue and redirect parameters are valid only for a permit rule. A rule might either deny or permit traffic according to the specified classification fields. At a minimum, either every keyword or the protocol, source address, and destination address values must be specified. The source and destination IP address fields might be specified using the keyword 'any' to indicate a match on any value in that field. The remaining command parameters are all optional, but the most frequently used parameters appear in the same relative order as shown in the command format. The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed value is 0-(n-1), where n is the number of user configurable queues available for the hardware platform. The assign-queue parameter is valid only for a permit rule. The time-range parameter allows imposing time limitation on the IP ACL rule as defined by the parameter . If a time range with the specified name does not exist and the IP ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately. If a time range with specified name exists and the IP ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied when the time-range with specified name becomes active. The ACL rule is removed when the time-range with specified name becomes inactive. The user can specify a simple rate limiter for packets matching an ACL "permit" rule. The user needs to specify the burst size in kbytes and allowed rate of traffic in kbps. The conforming traffic is allowed to transmit, and non-conforming traffic is dropped. This action is ignored for any "deny" rule, since by definition matching packets are dropped. Format Mode {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | } [{eq { | } [{eq {| }] [precedence | tos | dscp ] [log] [rate-limit ] [timerange ] [assign-queue ] [{mirror | redirect} [lag | ] Ipv4-Access-List Config ip access-group This command either attaches a specific IP ACL identified by to an interface or associates with a VLAN ID in a given direction. The parameter is the name of the access control list. An optional sequence number might be specified to indicate the order of this IP access list relative to other IP access lists already assigned to this interface and direction. A lower Quality of Service (QoS) Commands 481

Section	Page
ProSafe Managed Switch	1
Contents	3
1. Using the Command-Line Interface	7
Licensing and Command Support	8
Command Syntax	9
Command Conventions	9
Common Parameter Values	10
Slot/Port Naming Convention	11
Using a Command’s “No” Form	12
Managed Switch Modules	12
Command Modes	12
Command Completion and Abbreviation	16
CLI Error Messages	16
CLI Line-Editing Conventions	17
Using CLI Help	17
Accessing the CLI	18
2. Switching Commands	19
Port Configuration Commands	21
Loopback Interface Commands	27
Spanning Tree Protocol (STP) Commands	30
VLAN Commands	47
Double VLAN Commands	60
Voice VLAN Commands	63
Provisioning (IEEE 802.1p) Commands	65
Protected Ports Commands	65
Private VLAN	68
GARP Commands	71
GVRP Commands	73
GMRP Commands	75
Port-Based Network Access Control Commands	77
802.1X Supplicant Commands	91
Storm-Control Commands	94
Flow Control Commands	104
Port-Channel/LAG (802.3ad) Commands	105
Port Mirroring	121
Static MAC Filtering	123
DHCP L2 Relay Agent Commands	127
DHCP Client Commands	131
DHCP Snooping Configuration Commands	132
Dynamic ARP Inspection Commands	141
IGMP Snooping Configuration Commands	148
IGMP Snooping Querier Commands	157
MLD Snooping Commands	161
MLD Snooping Querier Commands	168
set mld querier	168
set mld querier query_interval	169
set mld querier timer expiry	169
set mld querier election participate	170
show mldsnooping querier	170
Port Security Commands	171
LLDP (802.1AB) Commands	175
LLDP-MED Commands	184
Denial of Service Commands	193
MAC Database Commands	203
ISDP Commands	205
Priority-Based Flow Control Commands	210
3. Multicast VLAN Registration (MVR)	213
About MVR	214
MVR Commands	214
4. Routing Commands	221
Address Resolution Protocol (ARP) Commands	222
IP Routing Commands	227
Router Discovery Protocol Commands	244
Virtual LAN Routing Commands	248
Virtual Router Redundancy Protocol Commands	249
DHCP and BOOTP Relay Commands	257
IP Helper Commands	259
Open Shortest Path First (OSPF) Commands	263
OSPF Graceful Restart Commands	304
nsf	305
nsf restart-interval	305
nsf helper	306
nsf helper disable	307
nsf [ietf] helper strict-lsa-checking	307
OSPF Interface Flap Dampening Commands	309
Routing Information Protocol (RIP) Commands	311
ICMP Throttling Commands	318
5. IP Multicast Commands	321
Multicast Commands	321
DVMRP Commands	326
PIM Commands	331
Internet Group Message Protocol (IGMP) Commands	342
IGMP Proxy Commands	349
6. IPv6 Commands	355
Tunnel Interface Commands	356
IPv6 Routing Commands	357
OSPFv3 Commands	380
OSPFv3 Graceful Restart Commands	411
DHCPv6 Commands	413
7. IPv6 Multicast Commands	421
IPv6 Multicast Forwarder Commands	422
IPv6 PIM Commands	424
IPv6 MLD Commands	431
IPv6 MLD-Proxy Commands	437
8. Quality of Service (QoS) Commands	443
Class of Service (CoS) Commands	444
Differentiated Services (DiffServ) Commands	451
DiffServ Class Commands	452
DiffServ Policy Commands	461
DiffServ Service Commands	466
DiffServ Show Commands	468
MAC Access Control List (ACL) Commands	473
IP Access Control List (ACL) Commands	478
IPv6 Access Control List (ACL) Commands	484
Time Range Commands for Time-Based ACLs	488
AutoVOIP	490
iSCSI Commands	494
9. Power over Ethernet (PoE) Commands	501
About PoE	501
PoE Commands	502
10. Utility Commands	512
Auto Install Commands	513
Dual Image Commands	515
System Information and Statistics Commands	517
Logging Commands	534
Email Alerting and Mail Server Commands	539
System Utility and Clear Commands	546
Simple Network Time Protocol (SNTP) Commands	556
DHCP Server Commands	564
DNS Client Commands	575
Packet Capture Commands	580
Serviceability Packet Tracing Commands	583
Cable Test Command	603
sFlow Commands	604
Software License Commands	609
IP Address Conflict Commands	610
Link Local Protocol Filtering Commands	611
RMON Stats and History Commands	612
UDLD Commands	618
USB commands	620
11. Management Commands	623
Configuring the Switch Management CPU	624
Network Interface Commands	626
Console Port Access Commands	629
Telnet Commands	631
Secure Shell (SSH) Commands	636
Management Security Commands	639
Hypertext Transfer Protocol (HTTP) Commands	640
Access Commands	647
User Account Commands	647
SNMP Commands	670
RADIUS Commands	680
TACACS+ Commands	693
Configuration Scripting Commands	698
Pre-Login Banner and System Prompt Commands	700
Switch Database Management (SDM) Templates	701
IPv6 Management Commands	703
12. Log Messages	708
Core	709
Utilities	711
Management	713
Switching	717
QoS	723
Routing/IPv6 Routing	724
Multicast	727
Stacking	729
Technologies	730
O/S Support	732
13. Green Ethernet Commands	734
Energy-Detect Mode	735
Energy Efficient Ethernet (EEE)	735

Match case Limit results 1 per page

Quality of Service (QoS) Commands

481

ProSafe M4100 and M7100 Managed Switches

Note:

The

mirror

parameter allows traffic matching this rule to be copied

to the specified

, while the redirect parameter allows

traffic matching this rule to be forwarded to the specified

. The

assign-queue

and

redirect

parameters

are valid only for a

permit

rule.

A rule might either deny or permit traffic according to the specified classification fields. At a

minimum, either every keyword or the protocol, source address, and destination address

values must be specified. The source and destination IP address fields might be specified

using the keyword ‘

any

’ to indicate a match on any value in that field. The remaining

command parameters are all optional, but the most frequently used parameters appear in the

same relative order as shown in the command format.

The assign-queue parameter allows specification of a particular hardware queue for handling

traffic that matches this rule. The allowed

<queue-id>

value is 0-(n-1), where n is the

number of user configurable queues available for the hardware platform. The

assign-queue

parameter is valid only for a

permit

rule.

The time-range parameter allows imposing time limitation on the IP ACL rule as defined by

the parameter <time-range-name>. If a time range with the specified name does not exist

and the IP ACL containing this ACL rule is applied to an interface or bound to a VLAN, then

the ACL rule is applied immediately. If a time range with specified name exists and the IP

ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule

is applied when the time-range with specified name becomes active. The ACL rule is

removed when the time-range with specified name becomes inactive.

The user can specify a simple rate limiter for packets matching an ACL “permit” rule. The

user needs to specify the burst size in kbytes and allowed rate of traffic in kbps. The

conforming traffic is allowed to transmit, and non-conforming traffic is dropped. This action is

ignored for any “deny” rule, since by definition matching packets are dropped.

Format

{deny | permit} {every | {{icmp | igmp | ip | tcp | udp | <number>}

<srcip> <srcmask>[{eq {<portkey> | <0-65535>} <dstip> <dstmask> [{eq

{<portkey>| <0-65535>}] [precedence <precedence> | tos <tos>

<tosmask> | dscp <dscp>] [log] [rate-limit <1-4294967295> <1-128>]

[timerange <time-range-name>] [assign-queue <queue-id>] [{mirror |

redirect}

[lag <lag-group-id> | <slot/port>]

Mode

ip access-group

This command either attaches a specific IP ACL identified by

to an

interface or associates with a VLAN ID in a given direction. The parameter

<name>

is the

name of the access control list.

An optional sequence number might be specified to indicate the order of this IP access list

relative to other IP access lists already assigned to this interface and direction. A lower

Ipv4-Access-List Config