Home » TP-Link Manuals » Hubs & Switches » TP-Link T2500-28TCTL-SL5428E » Manual Viewer

TP-Link T2500-28TCTL-SL5428E T2500-28TCUN V1 CLI Reference Guide - Page 211

access-list extended

View all TP-Link T2500-28TCTL-SL5428E manuals

Add to My Manuals
Save this manual to your list of manuals

Page 211 highlights

T2500-28TC JetStream L2 Managed Switch CLI Guide frag -- Enable/Disable Fragment. By default, it is disabled. If Fragment is enabled, this rule will process all the fragments and the last piece of fragment will be always forwarded. Command Mode Global Configuration Mode Example Create a Standard-IP ACL whose ID is 120, and add Rule 10 for it. In the rule, the source IP address is 192.168.0.100, the source IP address mask is 255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: T2500-28TC(config)#access-list create 120 T2500-28TC(config)#access-list standard 120 rule 10 permit sip 192.168.0.100 smask 255.255.255.0 tseg tSeg1 access-list extended Description The access-list extended command is used to add Extended-IP ACL rule. To delete the corresponding rule, please use no access-list extended command. Syntax access-list extended acl-id rule rule-id {deny | permit} [ [sip source-ip] smask source-ip-mask] [ [dip destination-ip] dmask destination-ip-mask] [tseg time-segment] [frag {disable | enable}] [dscp dscp] [s-port s-port] [d-port d-port] [tcpflag tcpflag] [protocol protocol] [icmptype icmptype] [icmpcode icmpcode] [tos tos] [pri pri] no access-list extended acl-id rule rule-id Parameter acl-id--The desired Extended-IP ACL for configuration. rule-id -- The rule ID. deny -- The operation to discard packets. permit --The operation to forward packets. It is the default value. source-ip -- The source IP address contained in the rule. source-ip-mask -- The source IP address mask. It is required if you typed the source IP address. 194

Section	Page
Preface	18
Chapter 1 Using the CLI	22
1.1 Accessing the CLI	22
1.1.1 Logon by a console port	22
1.1.2 Logon by Telnet	23
1.1.3 Logon by SSH	27
1.2 CLI Command Modes	32
1.3 Security Levels	35
1.4 Conventions	35
1.4.1 Format Conventions	35
1.4.2 Special Characters	35
1.4.3 Parameter Format	36
Chapter 2 User Interface	37
enable	37
enable password	37
disable	38
configure	38
exit	39
end	39
history	40
history clear	40
Chapter 3 IEEE 802.1Q VLAN Commands	41
vlan	41
interface vlan	42
name	42
switchport mode	43
switchport access vlan	43
switchport trunk allowed vlan	44
switchport general allowed vlan	45
switchport pvid	45
show vlan summary	46
show vlan brief	46
show vlan	47
Chapter 4 MAC-based VLAN Commands	48
mac-vlan mac-address	48
mac-vlan	49
show mac-vlan	49
show mac-vlan interface	50
Chapter 5 Protocol-based VLAN Commands	51
protocol-vlan template	51
protocol-vlan vlan	52
protocol-vlan	52
show protocol-vlan template	53
show protocol-vlan vlan	53
show protocol-vlan interface	54
Chapter 6 VLAN-VPN Commands	55
dot1q-tunnel	55
dot1q-tunnel tpid	55
dot1q-tunnel mapping	56
switchport dot1q-tunnel mapping	57
switchport dot1q-tunnel mode uplink	57
show dot1q-tunnel	58
show dot1q-tunnel mapping	58
show dot1q-tunnel mapping interface	59
show dot1q-tunnel uplink	59
Chapter 7 Voice VLAN Commands	60
voice vlan	60
voice vlan aging time	60
voice vlan priority	61
voice vlan mac-address	62
switchport voice vlan mode	62
switchport voice vlan security	63
show voice vlan	64
show voice vlan oui	64
show voice vlan switchport	65
Chapter 8 Private VLAN Commands	66
private-vlan primary	66
private-vlan community	66
private-vlan association	67
switchport private-vlan	67
switchport private-vlan host-association	68
switchport private-vlan mapping	69
show vlan private-vlan	70
Chapter 9 GVRP Commands	71
gvrp	71
gvrp (interface)	71
gvrp registration	72
gvrp timer	73
show gvrp global	74
show gvrp interface	74
Chapter 10 Etherchannel Commands	75
channel-group	75
port-channel load-balance	76
lacp system-priority	76
lacp port-priority	77
show etherchannel	77
show etherchannel load-balance	78
show lacp	78
show lacp sys-id	79
Chapter 11 User Manage Commands	80
user name	80
user access-control ip-based	81
user access-control mac-based	81
user access-control port-based	82
user max-number	83
user idle-timeout	83
line	84
password	85
login	86
login local	86
show user account-list	87
show user configuration	87
Chapter 12 Binding Table Commands	88
ip source binding	88
ip source binding index	89
ip dhcp snooping	90
ip dhcp snooping global	90
ip dhcp snooping information option	91
ip dhcp snooping information strategy	92
ip dhcp snooping information remote-id	93
ip dhcp snooping information circuit-id	93
ip dhcp snooping trust	94
ip dhcp snooping mac-verify	95
ip dhcp snooping limit rate	95
ip dhcp snooping decline	96
show ip source binding	96
show ip dhcp snooping	97
show ip dhcp snooping information interface	97
show ip dhcp snooping interface	98
Chapter 13 ARP Inspection Commands	99
ip arp inspection(global)	99
ip arp inspection trust	99
ip arp inspection(interface)	100
ip arp inspection limit-rate	101
ip arp inspection recover	101
show ip arp inspection	102
show ip arp inspection interface	102
show ip arp inspection statistics	103
clear ip arp inspection statistics	103
Chapter 14 IP Verify Source Commands	104
ip verify source	104
show ip verify source	105
Chapter 15 DoS Defend Command	106
ip dos-prevent	106
ip dos-prevent ping-rate	106
ip dos-prevent syn-rate	107
ip dos-prevent type	108
ip dos-prevent detect	109
clear ip dos-prevent detect statistics	109
show ip dos-prevent	110
Chapter 16 IEEE 802.1X Commands	111
dot1x system-auth-control	111
dot1x auth-method	112
dot1x guest-vlan(global)	112
dot1x accounting	113
dot1x quiet-period	114
dot1x timeout	114
dot1x max-reauth-req	115
dot1x	115
dot1x guest-vlan(interface)	116
dot1x port-control	117
dot1x port-method	117
show dot1x global	118
show dot1x interface	119
Chapter 17 PPPoE Circuit-ID Insertion Commands	120
pppoe circuit-id(global)	120
pppoe circuit-id(interface)	120
pppoe circuit-id type	121
show pppoe circuit-id global	122
show pppoe circuit-id interface	122
Chapter 18 System Log Commands	124
logging buffer	124
logging file flash	125
logging file flash frequency	125
logging file flash level	126
clear logging	127
logging host index	127
show logging local-config	128
show logging loghost	128
show logging buffer	129
show logging flash	129
Chapter 19 SSH Commands	131
ip ssh server	131
ip ssh version	131
ip ssh timeout	132
ip ssh max-client	132
ip ssh download	133
show ip ssh	134
Chapter 20 SSL Commands	135
ip http secure-server	135
ip http secure-server download certificate	135
ip http secure-server download key	136
show ip http secure-server	137
Chapter 21 MAC Address Commands	138
mac address-table static	138
mac address-table aging-time	139
mac address-table filtering	139
mac address-table max-mac-count	140
show mac address-table	141
show mac address-table aging-time	142
show mac address-table max-mac-count interface	142
show mac address-table interface	143
show mac address-table count	143
show mac address-table address	143
show mac address-table vlan	144
Chapter 22 System Configuration Commands	145
system-time manual	145
system-time ntp	145
system-time dst predefined	147
system-time dst date	148
system-time dst recurring	149
hostname	150
location	150
contact-info	151
ip management-vlan	151
ip address	152
ip address-alloc dhcp	152
ip address-alloc bootp	153
reset	153
reboot	154
copy running-config startup-config	154
copy startup-config tftp	155
copy tftp startup-config	155
firmware upgrade	156
ping	157
tracert	158
loopback interface	159
show system-time	159
show system-time dst	160
show system-time ntp	160
show system-info	160
show running-config	161
show cable-diagnostics interface	161
Chapter 23 IPv6 Address Configuration Commands	163
ipv6 enable	163
ipv6 address autoconfig	163
ipv6 address link-local	164
ipv6 address dhcp	165
ipv6 address ra	165
ipv6 address eui-64	166
ipv6 address	166
show ipv6 interface vlan	167
Chapter 24 Ethernet Configuration Commands	168
interface fastEthernet	168
interface range fastEthernet	168
interface gigabitEthernet	169
interface range gigabitEthernet	169
description	170
shutdown	171
flow-control	171
media-type	172
duplex	172
speed	173
storm-control broadcast	173
storm-control multicast	174
storm-control unicast	175
bandwidth	175
clear counters	176
show interface status	176
show interface counters	177
show interface description	178
show interface flowcontrol	178
show interface configuration	179
show storm-control	179
show bandwidth	180
Chapter 25 QoS Commands	181
qos	181
qos cos	181
qos dscp	182
qos queue cos-map	183
qos queue dscp-map	183
qos queue mode	184
show qos interface	185
show qos cos-map	186
show qos dscp-map	186
show qos queue mode	187
show qos status	187
Chapter 26 Port Mirror Commands	188
monitor session destination interface	188
monitor session source interface	189
show monitor session	190
Chapter 27 Port isolation Commands	191
port isolation	191
show port isolation	192
Chapter 28 Loopback Detection Commands	193
loopback-detection(global)	193
loopback-detection interval	193
loopback-detection recovery-time	194
loopback-detection(interface)	194
loopback-detection config	195
loopback-detection recover	196
show loopback-detection global	196
show loopback-detection interface	197
Chapter 29 DDM Commands	198
ddm state enable	198
ddm shutdown	198
ddm temperature_threshold	199
ddm voltage_threshold	200
ddm bias_current_threshold	201
ddm tx_power_threshold	202
ddm rx_power_threshold	203
show ddm configuration	204
show ddm status	205
Chapter 30 ACL Commands	206
time-range	206
absolute	206
periodic	207
holiday	208
holiday(global)	208
access-list create	209
mac access-list	209
access-list standard	210
access-list extended	211
access-list combined	212
rule	214
access-list policy name	215
access-list policy action	216
redirect interface	216
redirect vlan	217
s-condition	217
s-mirror	218
qos-remark	218
access-list bind(interface)	219
access-list bind(vlan)	220
show time-range	220
show holiday	220
show access-list	221
show access-list policy	221
show access-list bind	222
Chapter 31 MSTP Commands	223
spanning-tree(global)	223
spanning-tree(interface)	223
spanning-tree common-config	224
spanning-tree mode	225
spanning-tree mst configuration	226
instance	226
name	227
revision	227
spanning-tree mst instance	228
spanning-tree mst	229
spanning-tree priority	229
spanning-tree tc-defend	230
spanning-tree timer	231
spanning-tree hold-count	231
spanning-tree max-hops	232
spanning-tree bpdufilter	233
spanning-tree bpduguard	233
spanning-tree guard loop	234
spanning-tree guard root	234
spanning-tree guard tc	235
spanning-tree mcheck	235
show spanning-tree active	236
show spanning-tree bridge	236
show spanning-tree interface	237
show spanning-tree interface-security	237
show spanning-tree mst	238
Chapter 32 Ethernet OAM Commands	240
ethernet-oam	240
ethernet-oam mode	240
ethernet-oam link-monitor symbol-period	241
ethernet-oam link-monitor frame	242
ethernet-oam link-monitor frame-period	243
ethernet-oam link-monitor frame-seconds	244
ethernet-oam remote-failure	245
ethernet-oam remote-loopback received-remote- loopback	246
ethernet-oam remote-loopback	247
clear ethernet-oam statistics	247
clear ethernet-oam event-log	248
show ethernet-oam configuration	249
show ethernet-oam event-log	249
show ethernet-oam statistics	250
show ethernet-oam status	250
Chapter 33 DLDP Commands	252
dldp(global)	252
dldp interval	252
dldp shut-mode	253
dldp reset(global)	253
dldp(interface)	254
dldp reset(interface)	254
show dldp	255
show dldp interface	255
Chapter 34 IGMP Snooping Commands	257
ip igmp snooping(global)	257
ip igmp snooping(interface)	257
ip igmp snooping immediate-leave	258
ip igmp snooping drop-unknown	258
ip igmp snooping vlan-config	259
ip igmp snooping multi-vlan-config	260
ip igmp snooping filter add-id	261
ip igmp snooping filter(global)	262
ip igmp snooping filter(interface)	262
ip igmp snooping filter maxgroup	263
ip igmp snooping filter mode	263
ip igmp snooping querier vlan	264
ip igmp snooping querier vlan (general query)	265
ip igmp snooping querier vlan (specific query)	266
ip igmp snooping authentication	267
show ip igmp snooping	267
show ip igmp snooping interface	268
show ip igmp snooping vlan	268
show ip igmp snooping multi-vlan	269
show ip igmp snooping groups	269
show ip igmp snooping filter	270
show ip igmp snooping querier vlan	271
show ip igmp snooping querier	271
show ip igmp snooping interface authentication	271
Chapter 35 MLD Snooping Commands	273
ipv6 mld snooping	273
ipv6 mld snooping router-aging-time	273
ipv6 mld snooping member-aging-time	274
ipv6 mld snooping report-suppression	274
ipv6 mld snooping unknown-filter	275
ipv6 mld snooping last-listener query-inteval	275
ipv6 mld snooping last-listener query-count	276
ipv6 mld snooping multicast-vlan	276
ipv6 mld snooping multicast-vlan vlan-id	277
ipv6 mld snooping vlan	277
ipv6 mld snooping vlan router-aging-time	278
ipv6 mld snooping vlan member-aging-time	278
ipv6 mld snooping vlan immediate-leave	279
ipv6 mld snooping vlan mrouter	279
ipv6 mld snooping vlan static	280
ipv6 mld snooping querier vlan	280
ipv6 mld snooping querier vlan max-response-time	281
ipv6 mld snooping querier vlan query-interval	282
ipv6 mld snooping querier vlan query-source	282
ipv6 mld snooping filter(global)	283
ipv6 mld snooping filter(interface)	283
ipv6 mld snooping filter-mode	284
ipv6 mld snooping filter-id	284
ipv6 mld snooping max-group	285
clear ipv6 mld snooping statistics	285
show ipv6 mld snooping	286
show ipv6 mld snooping vlan	286
show ipv6 mld snooping static-mcast	287
show ipv6 mld snooping group	287
show ipv6 mld snooping filter	288
show ipv6 mld snooping interface	288
show ipv6 mld snooping interface filter	288
show ipv6 mld snooping querier	289
show ipv6 mld snooping statistics	289
Chapter 36 SNMP Commands	291
snmp-server	291
snmp-server view	291
snmp-server group	292
snmp-server user	293
snmp-server community	295
snmp-server host	296
snmp-server engineID	297
snmp-server traps snmp	298
snmp-server traps security	299
snmp-server traps link-status	300
snmp-server traps	300
snmp-server traps ddm	301
snmp-server traps mac	302
snmp-server traps vlan	303
rmon history	304
rmon event	305
rmon alarm	306
show snmp-server	308
show snmp-server view	308
show snmp-server group	308
show snmp-server user	309
show snmp-server community	309
show snmp-server host	310
show snmp-server engineID	310
show rmon history	310
show rmon event	311
show rmon alarm	311
Chapter 37 LLDP Commands	313
lldp	313
lldp hold-multiplier	313
lldp timer	314
lldp receive	315
lldp transmit	315
lldp snmp-trap	316
lldp tlv-select	317
lldp med-fast-count	317
lldp med-status	318
lldp med-tlv-select	318
lldp med-location	319
show lldp	320
show lldp interface	320
show lldp local-information interface	321
show lldp neighbor-information interface	321
show lldp traffic interface	322
Chapter 38 Cluster Commands	323
cluster ndp	323
cluster ntdp	324
cluster explore	325
cluster	325
cluster ip pool	326
cluster commander	326
cluster manage	327
cluster member	327
cluster candidate	328
cluster individual	328
show cluster ndp	329
show cluster ntdp	329
show cluster	330
show cluster member	330
show cluster manage role	331
show cluster neighbor	331
Chapter 39 AAA Commands	332
aaa enable	332
tacacs-server host	333
show tacacs-server	334
radius-server host	334
show radius-server	335
aaa group	336

Match case Limit results 1 per page

T2500-28TC

JetStream L2 Managed Switch CLI Guide

194

frag

——

Enable/Disable Fragment. By default, it is disabled. If Fragment is

enabled, this rule will process all the fragments and the last piece of fragment

will be always forwarded.

Command Mode

Global Configuration Mode

Example

Create a Standard-IP ACL whose ID is 120, and add Rule 10 for it. In the rule,

the source IP address is 192.168.0.100, the source IP address mask is

255.255.255.0, the time-range for the rule to take effect is tSeg1, and the

packets match this rule will be forwarded by the switch:

T2500-28TC(config)#access-list create

120

T2500-28TC(config)#access-list standard

120

rule

10 permit

sip

192.168.0.100

smask

255.255.255.0

tseg

tSeg1

access-list extended

Description

The

access-list extended

command is used to add Extended-IP ACL rule. To

delete the corresponding rule, please use

no access-list extended

command.

Syntax

access-list extended

acl-id

rule

rule-id

{deny

permit} [ [

sip

source-ip

]

smask

source-ip-mask

] [ [

dip

destination-ip

]

dmask

destination-ip-mask

] [

tseg

time-segment

] [

frag

{disable | enable}] [

dscp

] [

s-port

] [

d-port

]

[

tcpflag

] [

protocol

] [

icmptype

] [

icmpcode

]

[

tos

] [

pri

]

no access-list extended

acl-id

rule

rule-id

Parameter

acl-id

——

The desired Extended-IP ACL for configuration.

rule-id

——

The rule ID.

deny

——

The operation to discard packets.

permit

——

The operation to forward packets. It is the default value.

source-ip

——

The source IP address contained in the rule.

source-ip-mask

——

The source IP address mask. It is required if you typed

the source IP address.