Home » Netgear Manuals » Hubs & Switches » Netgear XSM4324FS » Manual Viewer

Netgear XSM4324FS CLI Manual Software Version 12.x - Page 974

packet-too-big, port-unreachable

Add to My Manuals
Save this manual to your list of manuals

Page 974 highlights

M4300 Intelligent Edge Series Fully Managed Stackable Switches Table 14. IP ACL command parameters (continued) Parameter Description flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established] Specifies that the IP ACL rule matches on the tcp flags. When + is specified, a match occurs if specified flag is set in the TCP header. When - is specified, a match occurs if specified flag is NOT set in the TCP header. When established is specified, a match occurs if either the specified RST or ACK bits are set in the TCP header. Two rules are installed in hardware to when the established option is specified. This option is available only if protocol is tcp. [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message] Note: This option is available only if the protocol is ICMP. Specifies a match condition for ICMP packets. When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255. When icmp-code is specified, IP ACL rule matches on the specified ICMP message code, a number from 0 to 255. Specifying icmp-message implies both icmp-type and icmp-code are specified. The following icmp-message options are supported: echo, echo-reply, host-redirect, mobile-redirect, net-redirect, net-unreachable, redirect, packet-too-big, port-unreachable, source-quench, router-solicitation, router-advertisement, time-exceeded, ttl-exceeded, and unreachable. The ICMP message is decoded into corresponding ICMP type and ICMP code within that ICMP type. igmp-type igmp-type Note: This option is visible only if the protocol is IGMP. When igmp-type is specified, the IP ACL rule matches on the specified IGMP message type, a number from 0 to 255. fragments Specifies that the IP ACL rule matches on noninitial fragmented packets where the fragment extension header contains a nonzero fragment offset. The fragments keyword is an option only if the protocol is ipv6 and the operator port-number arguments are not specified. log Specifies that this rule is to be logged. time-range time-range-name Allows imposing a time limitation on the ACL rule as defined by the parameter time-range-name. If a time range with the specified name does not exist and the ACL containing this ACL rule is applied to an interface or bound to a VLAN, the ACL rule is applied immediately. If a time range with specified name exists and the ACL containing this ACL rule is applied to an interface or bound to a VLAN, the ACL rule is applied when the time-range with specified name becomes active. The ACL rule is removed when the time-range with specified name becomes inactive. Quality of Service Commands 974 CLI Command Reference Manual

Section	Page
M4300 Intelligent Edge Series Fully Managed Stackable Switches	1
Contents	4
1 About the Managed Switch Software	9
Scope	10
Product Concept	10
2 Using the Command-Line Interface	11
Command Syntax	12
Command Conventions	12
Common Parameter Values	13
unit/slot/port Naming Convention	14
Using the No Form of a Command	15
Executing Show Commands	15
CLI Output Filtering	15
3 Software Modules	17
Command Modes	18
Command Completion and Abbreviation	23
CLI Error Messages	23
CLI Line-Editing Conventions	24
Using CLI Help	25
Access the CLI	26
4 Stacking Commands	27
Dedicated Port Stacking Commands	28
Stack Port Commands	40
Stack Firmware Synchronization Commands	47
Nonstop Forwarding Commands for Stack Configuration	48
5 Management Commands	53
Configure the Switch Management CPU	54
CPU Queue Commands	57
Management Interface Commands	58
IPv6 Management Commands	65
Console Port Access Commands	70
Telnet Commands	72
Secure Shell Commands	77
Management Security Commands	80
Management Access Control List Commands	81
Hypertext Transfer Protocol Commands	85
Access Commands	93
User Account Commands	94
Per-Command Authorization	99
Exec Authorization	99
SNMP Commands	126
RADIUS Commands	138
TACACS+ Commands	156
Configuration Scripting Commands	161
Prelogin Banner, System Prompt, and Host Name Commands	163
OpenFlow Commands	165
Cloud Managed Commands	176
Application Commands	180
6 Utility Commands	183
AutoInstall Commands	184
CLI Output Filtering Commands	188
Dual Image Commands	190
System Information and Statistics Commands	191
Switch Services Commands	220
Logging Commands	223
Email Alerting and Mail Server Commands	231
System Utility and Clear Commands	237
Simple Network Time Protocol Commands	251
Time Zone Commands	257
DHCP Server Commands	261
DNS Client Commands	274
IP Address Conflict Commands	280
Serviceability Packet Tracing Commands	281
Support Mode Commands	317
Cable Test Command	319
Power Management Commands	320
USB commands	322
sFlow Commands	323
Switch Database Management Template Commands	331
Green Ethernet Commands	334
Remote Monitoring Commands	343
Statistics Application Commands	358
7 Switching Commands	366
Port Configuration Commands	368
Expandable Port Configuration Commands for 40G Ports on the APM402XL Port Card	376
Port Configuration for the Third-Party TPM404H HDMI Port Card	378
Port Link Flap Commands	379
Spanning Tree Protocol Commands	381
Loop Protection Commands	414
VLAN Commands	417
Switch Port Commands	429
Double VLAN Commands	433
Private VLAN Commands	437
Voice VLAN Commands	439
Precision Time Protocol Commands	443
Provisioning (IEEE 802.1p) Commands	444
Asymmetric Flow Control	445
Protected Ports Commands	446
Private Group Commands	448
GARP Commands	450
GVRP Commands	452
GMRP Commands	454
Port-Based Network Access Control Commands	457
802.1X Supplicant Commands	477
Storm-Control Commands	481
Link Dependency Commands	490
Link Local Protocol Filtering Commands	492
MRP Commands	493
MMRP Commands	494
MVRP Commands	498
Port-Channel/LAG (802.3ad) Commands	501
Port Mirroring Commands	521
Static MAC Filtering Commands	524
DHCP L2 Relay Agent Commands	528
DHCP Client Commands	536
DHCP Snooping Configuration Commands	537
Dynamic ARP Inspection Commands	547
MVR Commands	554
IGMP Snooping Configuration Commands	562
IGMP Snooping Querier Commands	576
MLD Snooping Commands	581
MLD Snooping Querier Commands	591
Port Security Commands	596
LLDP (802.1AB) Commands	601
LLDP-MED Commands	610
Denial of Service Commands	618
MAC Database Commands	628
ISDP Commands	631
Interface Error Disabling and Auto Recovery Commands	638
UniDirectional Link Detection Commands	641
Link Debounce Commands	645
Bonjour Commands	646
8 Routing Commands	648
Address Resolution Protocol Commands	649
IP Routing Commands	656
Routing Policy Commands	682
Router Discovery Protocol Commands	692
Virtual LAN Routing Commands	696
Virtual Router Redundancy Protocol Commands	699
DHCP and BootP Relay Commands	709
IP Helper Commands	711
Open Shortest Path First Commands	719
General OSPF Commands	719
OSPF Interface Commands	739
IP Event Dampening Commands	745
OSPF Graceful Restart Commands	748
OSPFv2 Stub Router Commands	751
OSPF Show Commands	752
Routing Information Protocol Commands	774
ICMP Throttling Commands	782
9 Captive Portal Commands	785
Captive Portal Global Commands	786
Captive Portal Configuration Commands	791
Captive Portal Status Commands	801
Captive Portal Client Connection Commands	803
Captive Portal Interface Commands	806
Captive Portal Local User Commands	807
Captive Portal User Group Commands	815
10 IPv6 Commands	817
Tunnel Interface Commands	818
Loopback Interface Commands	820
IPv6 Routing Commands	821
OSPFv3 Commands	857
Global OSPFv3 Commands	858
OSPFv3 Interface Commands	874
OSPFv3 Graceful Restart Commands	879
OSPFv3 Stub Router Commands	883
OSPFv3 Show Commands	884
DHCPv6 Commands	901
DHCPv6 Snooping Configuration Commands	912
11 Quality of Service Commands	923
Class of Service Commands	924
Differentiated Services Commands	932
DiffServ Class Commands	934
DiffServ Policy Commands	943
DiffServ Service Commands	949
DiffServ Show Commands	950
MAC Access Control List Commands	956
IP Access Control List Commands	965
IPv6 Access Control List Commands	981
Time Range Commands for Time-Based ACLs	990
Auto-Voice over IP Commands	993
iSCSI Optimization Commands	997
12 Data Center Commands	1004
Priority-Based Flow Control Commands	1005
13 IP Multicast Commands	1010
Multicast Commands	1011
DVMRP Commands	1019
PIM Commands	1024
Internet Group Message Protocol Commands	1042
IGMP Proxy Commands	1050
14 IPv6 Multicast Commands	1056
IPv6 Multicast Forwarder	1057
IPv6 PIM Commands	1061
IPv6 MLD Commands	1076
IPv6 MLD-Proxy Commands	1084
15 Power over Ethernet Commands	1090
About PoE	1091
PoE Commands	1091
16 Switch Software Log Messages	1102
Core	1103
Utilities	1105
Management	1108
Switching	1112
QoS	1119
Routing/IPv6 Routing	1120
Multicast	1123
Stacking	1128
Technologies	1128
O/S Support	1131

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1,000
1,001
1,002
1,003
1,004
1,005
1,006
1,007
1,008
1,009
1,010
1,011
1,012
1,013
1,014
1,015
1,016
1,017
1,018
1,019
1,020
1,021
1,022
1,023
1,024
1,025
1,026
1,027
1,028
1,029
1,030
1,031
1,032
1,033
1,034
1,035
1,036
1,037
1,038
1,039
1,040
1,041
1,042
1,043
1,044
1,045
1,046
1,047
1,048
1,049
1,050
1,051
1,052
1,053
1,054
1,055
1,056
1,057
1,058
1,059
1,060
1,061
1,062
1,063
1,064
1,065
1,066
1,067
1,068
1,069
1,070
1,071
1,072
1,073
1,074
1,075
1,076
1,077
1,078
1,079
1,080
1,081
1,082
1,083
1,084
1,085
1,086
1,087
1,088
1,089
1,090
1,091
1,092
1,093
1,094
1,095
1,096
1,097
1,098
1,099
1,100
1,101
1,102
1,103
1,104
1,105
1,106
1,107
1,108
1,109
1,110
1,111
1,112
1,113
1,114
1,115
1,116
1,117
1,118
1,119
1,120
1,121
1,122
1,123
1,124
1,125
1,126
1,127
1,128
1,129
1,130
1,131
1,132
1,133
1,134
1,135
1,136
1,137
1,138
1,139
1,140
1,141
1,142
1,143
1,144
1,145
1,146
1,147
1,148
1,149
1,150
1,151
1,152
1,153
1,154
1,155
1,156
1,157
1,158
1,159
1,160
1,161
1,162
1,163
1,164
1,165
1,166
1,167
1,168
1,169
1,170
1,171

Match case Limit results 1 per page

M4300 Intelligent Edge Series Fully

Managed Stackable Switches

Quality of Service Commands

CLI Command Reference Manual

974

flag [+fin | -fin] [+syn | -syn] [+rst |

-rst] [+psh | -psh] [+ack | -ack] [+urg

| -urg] [established]

Specifies that the IP ACL rule matches on the tcp flags.

When +<tcpflagname> is specified, a match occurs if specified

<tcpflagname> flag is set in the TCP header.

When -<tcpflagname> is specified, a match occurs if specified

<tcpflagname> flag is NOT set in the TCP header.

When established

is specified, a match occurs if either the

specified RST or ACK bits are set in the TCP header. Two rules

are installed in hardware to when the established option is

specified.

This option is available only if protocol is tcp.

[icmp-type

icmp-type

[icmp-code

icmp-code

] | icmp-message

icmp-message

]

Note:

This option is available only if the protocol is ICMP.

Specifies a match condition for ICMP packets.

When

icmp-type

is specified, IP ACL rule matches on the

specified ICMP message type, a number from

0 to

255.

When

icmp-code

is specified, IP ACL rule matches on the

specified ICMP message code, a number from

0 to

255.

Specifying

icmp-message

implies both

icmp-type

and

icmp-code

are specified. The following

icmp-message

options

are supported:

echo

echo-reply

host-redirect

mobile-redirect

net-redirect

net-unreachable

redirect

packet-too-big

port-unreachable

source-quench

router-solicitation

router-advertisement

time-exceeded

ttl-exceeded

and

unreachable

The ICMP message is decoded into corresponding ICMP type

and ICMP code within that ICMP type.

igmp-type

Note:

This option is visible only if the protocol is IGMP.

When

igmp-type

is specified, the IP ACL rule matches on the

specified IGMP message type, a number from

0 to

255.

fragments

Specifies that the IP ACL rule matches on noninitial fragmented

packets where the fragment extension header contains a nonzero

fragment offset. The fragments keyword is an option only if the

protocol is

ipv6

and the operator port-number arguments are not

specified.

log

Specifies that this rule is to be logged.

time-range

time-range-name

Allows imposing a time limitation on the ACL rule as defined by

the parameter

time-range-name

. If a time range with the

specified name does not exist and the ACL containing this ACL

rule is applied to an interface or bound to a VLAN, the ACL rule is

applied immediately. If a time range with specified name exists

and the ACL containing this ACL rule is applied to an interface or

bound to a VLAN, the ACL rule is applied when the time-range

with specified name becomes active. The ACL rule is removed

when the time-range with specified name becomes inactive.

Table 14.

IP ACL command parameters (continued)

Parameter

Description