Home » TP-Link Manuals » Hubs & Switches » TP-Link T2600G-18TSTL-SG3216 » Manual Viewer

TP-Link T2600G-18TSTL-SG3216 T2600G-28MPSUN V2 CLI Reference Guide Guide - Page 298

access-list extended

View all TP-Link T2600G-18TSTL-SG3216 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 298 highlights

255.255.255.0, the time-range for the rule to take effect is "tRange1", and the packets match this rule will be forwarded by the switch: T2600G-28TS(config)# access-list create 520 T2600G-28TS(config)# access-list standard 520 rule 10 permit sip 192.168.0.100 smask 255.255.255.0 tseg tSeg1 35.9access-list extended Description The access-list extended command is used to add Extended-IP ACL rule. To delete the corresponding rule, please use no access-list extended command. Syntax access-list extended acl-id rule rule-id { deny | permit } [[ sip source-ip ] smask source-ip-mask ] [[ dip destination-ip] dmask destination-ip-mask ] [ tseg time-segment ] [frag {disable | enable}] [ dscp dscp ] [ s-port s-port ] [ d-port d-port ] [ tcpflag tcpflag ] [ protocol protocol ] [ tos tos ] [ pre pre ] no access-list extended acl-id rule rule-id Parameter acl-id--The desired Extended-IP ACL for configuration. rule-id -- The rule ID. deny -- The operation to discard packets. permit --The operation to forward packets. It is the default value. source-ip -- The source IP address contained in the rule. source-ip-mask -- The source IP address mask. It is required if you typed the source IP address. destination-ip -- The destination IP address contained in the rule. destination-ip-mask -- The destination IP address mask. It is required if you typed the destination IP address. time-segment -- The time-range for the rule to take effect. By default, it is not limited. frag -- Enable/Disable Fragment. By default, it is disabled. If Fragment is enabled, this rule will process all the fragments and the last piece of fragment will be always forwarded. dscp -- Specify the dscp value, ranging from 0 to 63. 277

Section	Page
Preface	22
Chapter 1 Using the CLI	26
1.1 Accessing the CLI	26
1.1.1 Logon by a console port	26
1.1.2 Logon by Telnet	28
1.1.3 Logon by SSH	32
1.2 CLI Command Modes	37
1.3 Privilege Restrictions	40
1.4 Conventions	40
1.4.1 Format Conventions	40
1.4.2 Special Characters	41
1.4.3 Parameter Format	41
Chapter 2 User Interface	42
2.1 enable	42
2.2 service password-encryption	42
2.3 enable password	43
2.4 enable secret	44
2.5 configure	45
2.6 exit	46
2.7 end	46
2.8 history	47
2.9 history clear	47
Chapter 3 IEEE 802.1Q VLAN Commands	49
3.1 vlan	49
3.2 interface vlan	49
3.3 name	50
3.4 switchport mode	51
3.5 switchport access vlan	52
3.6 switchport trunk allowed vlan	52
3.7 switchport general allowed vlan	53
3.8 switchport pvid	54
3.9 show vlan summary	55
3.10 show vlan brief	55
3.11 show vlan	56
3.12 show interface switchport	56
Chapter 4 MAC-based VLAN Commands	58
4.1 mac-vlan mac-address	58
4.2 mac-vlan	59
4.3 show mac-vlan	59
4.4 show mac-vlan interface	60
Chapter 5 Protocol-based VLAN Commands	61
5.1 protocol-vlan template (For T2600G-18TS only)	61
5.2 protocol-vlan template (For other switches)	62
5.3 protocol-vlan vlan	63
5.4 protocol-vlan group	64
5.5 show protocol-vlan template	64
5.6 show protocol-vlan vlan	65
Chapter 6 VLAN-VPN Commands	66
6.1 dot1q-tunnel	66
6.2 dot1q-tunnel tpid	66
6.3 dot1q-tunnel mapping	67
6.4 switchport dot1q-tunnel mapping	68
6.5 switchport dot1q-tunnel mode	69
6.6 show dot1q-tunnel	69
6.7 show dot1q-tunnel mapping	70
6.8 show dot1q-tunnel interface	70
Chapter 7 Private VLAN Commands	72
7.1 private-vlan primary	72
7.2 private-vlan community	72
7.3 private-vlan isolated	73
7.4 private-vlan association	74
7.5 switchport private-vlan	74
7.6 switchport private-vlan host-association	75
7.7 switchport private-vlan mapping	76
7.8 show vlan private-vlan	77
7.9 show vlan private-vlan interface	77
Chapter 8 L2PT Commands	79
8.1 l2protocol-tunnel	79
8.2 l2protocol-tunnel type	79
8.3 show l2protocol-tunnel global	81
8.4 show l2protocol-tunnel interface	81
Chapter 9 GVRP Commands	83
9.1 gvrp	83
9.2 gvrp (interface)	83
9.3 gvrp registration	84
9.4 gvrp timer	85
9.5 show gvrp interface	86
9.6 show gvrp global	87
Chapter 10 Voice VLAN Commands	88
10.1 voice vlan	88
10.2 voice vlan aging	88
10.3 voice vlan priority	89
10.4 voice vlan mac-address	90
10.5 switchport voice vlan mode	90
10.6 switchport voice vlan security	91
10.7 show voice vlan	92
10.8 show voice vlan oui	92
10.9 show voice vlan switchport	93
Chapter 11 Etherchannel Commands	94
11.1 channel-group	94
11.2 port-channel load-balance	95
11.3 lacp system-priority	96
11.4 lacp port-priority	96
11.5 show etherchannel	97
11.6 show etherchannel load-balance	98
11.7 show lacp	98
11.8 show lacp sys-id	99
Chapter 12 User Management Commands	101
12.1 user name (password)	101
12.2 user name (secret)	102
12.3 service password-recovery	103
12.4 user access-control ip-based	104
12.5 user access-control mac-based	105
12.6 user access-control port-based	106
12.7 line	106
12.8 password	107
12.9 login	109
12.10 login local	109
12.11 media-type rj45	110
12.12 telnet	111
12.13 serial_port baud-rate	111
12.14 show password-recovery	112
12.15 show user account-list	112
12.16 show user configuration	113
12.17 show telnet-status	113
Chapter 13 HTTP and HTTPS Commands	115
13.1 ip http server	115
13.2 ip http max-users (For T2600G-18TS only)	116
13.3 ip http max-users (For other switches)	117
13.4 ip http session timeout	117
13.5 ip http secure-server	118
13.6 ip http secure-protocol	119
13.7 ip http secure-ciphersuite	119
13.8 ip http secure-max-users	120
13.9 ip http secure-session timeout	121
13.10 ip http secure-server download certificate	122
13.11 ip http secure-server download key	122
13.12 show ip http configuration	123
13.13 show ip http secure-server	124
Chapter 14 ARP Commands	125
14.1 arp	125
14.2 clear arp-cache	126
14.3 arp timeout	126
14.4 show arp	127
14.5 show ip arp (interface)	127
14.6 show ip arp summary	128
Chapter 15 Binding Table Commands	129
15.1 ip source binding	129
15.2 ip dhcp snooping	130
15.3 ip dhcp snooping vlan	131
15.4 ip dhcp snooping information option	132
15.5 ip dhcp snooping information strategy	132
15.6 ip dhcp snooping information remote-id	133
15.7 ip dhcp snooping information circuit-id	134
15.8 ip dhcp snooping trust	135
15.9 ip dhcp snooping mac-verify	135
15.10 ip dhcp snooping limit rate	136
15.11 ip dhcp snooping decline rate	137
15.12 show ip source binding	138
15.13 show ip dhcp snooping	138
15.14 show ip dhcp snooping interface	139
15.15 show ip dhcp snooping information interface	139
Chapter 16 IPv6 Binding Table Commands	141
16.1 ipv6 source binding	141
16.2 ipv6 dhcp snooping	142
16.3 ipv6 dhcp snooping vlan	143
16.4 ipv6 dhcp snooping trust	143
16.5 ipv6 nd snooping	144
16.6 ipv6 nd snooping vlan	145
16.7 ipv6 nd snooping max-entries	145
16.8 show ipv6 source binding	146
16.9 show ipv6 dhcp snooping	147
16.10 show ipv6 dhcp snooping interface	147
16.11 show ipv6 nd snooping	148
16.12 show ipv6 nd snooping interface	148
Chapter 17 IP Verify Source Commands	150
17.1 ip verify source	150
17.2 show ip verify source	151
17.3 show ip verify source interface	151
Chapter 18 IPv6 Verify Source Commands	153
18.1 ipv6 verify source	153
18.2 show ipv6 verify source	154
18.3 show ipv6 verify source interface	154
Chapter 19 ND Detection Commands	156
19.1 ipv6 nd detection	156
19.2 ipv6 nd detection vlan	156
19.3 ipv6 nd detection trust	157
19.4 show ipv6 nd detection	158
19.5 show ipv6 nd detection interface	158
Chapter 20 ARP Inspection Commands	160
20.1 ip arp inspection(global)	160
20.2 ip arp inspection trust	160
20.3 ip arp inspection(interface)	161
20.4 ip arp inspection limit-rate	162
20.5 ip arp inspection recover	163
20.6 show ip arp inspection	163
20.7 show ip arp inspection interface	164
20.8 show ip arp inspection statistics	164
20.9 clear ip arp inspection statistics	165
Chapter 21 DoS Defend Commands	166
21.1 ip dos-prevent	166
21.2 ip dos-prevent type	166
21.3 show ip dos-prevent	168
Chapter 22 IEEE 802.1X Commands	169
22.1 dot1x system-auth-control	169
22.2 dot1x handshake	170
22.3 dot1x auth-method	170
22.4 dot1x accounting	171
22.5 dot1x guest-vlan(global)	172
22.6 dot1x quiet-period	172
22.7 dot1x timeout supplicant-timeout	173
22.8 dot1x max-reauth-req	174
22.9 dot1x	175
22.10 dot1x guest-vlan(interface)	175
22.11 dot1x port-control	176
22.12 dot1x port-method	177
22.13 show dot1x global	178
22.14 show dot1x interface	178
Chapter 23 PPPoE ID-Insertion Commands	180
23.1 pppoe id-insertion(global)	180
23.2 pppoe circuit-id(interface)	181
23.3 pppoe circuit-id type	181
23.4 pppoe remote-id	182
23.5 show pppoe id-insertion global	183
23.6 show pppoe id-insertion interface	183
Chapter 24 System Log Commands	185
24.1 logging buffer	185
24.2 logging buffer level	185
24.3 logging file flash	186
24.4 logging file flash frequency	187
24.5 logging file flash level	188
24.6 logging host index	188
24.7 logging console	189
24.8 logging console level	190
24.9 logging monitor	190
24.10 logging monitor level	191
24.11 clear logging	192
24.12 show logging local-config	193
24.13 show logging loghost	193
24.14 show logging buffer	194
24.15 show logging flash	194
Chapter 25 SSH Commands	196
25.1 ip ssh server	196
25.2 ip ssh version	196
25.3 ip ssh algorithm	197
25.4 ip ssh timeout	198
25.5 ip ssh max-client	198
25.6 ip ssh download	199
25.7 remove public-key	200
25.8 show ip ssh	200
Chapter 26 MAC Address Commands	202
26.1 mac address-table static	202
26.2 mac address-table aging-time	203
26.3 mac address-table filtering	203
26.4 mac address-table notification	204
26.5 mac address-table max-mac-count	205
26.6 mac address-table notification (interface)	206
26.7 mac address-table security	207
26.8 show mac address-table	208
26.9 clear mac address-table	209
26.10 show mac address-table aging-time	209
26.11 show mac address-table max-mac-count	210
26.12 show mac address-table interface	210
26.13 show mac address-table count	211
26.14 show mac address-table address	211
26.15 show mac address-table vlan	212
26.16 show mac address-table notification	213
26.17 show mac address-table security	213
Chapter 27 System Configuration Commands	215
27.1 system-time manual	215
27.2 system-time ntp	215
27.3 system-time dst predefined	217
27.4 system-time dst date	218
27.5 system-time dst recurring	219
27.6 hostname	220
27.7 location	221
27.8 contact-info	221
27.9 ip address	222
27.10 ip address-alloc	223
27.11 reset	224
27.12 reboot	224
27.13 reboot-schedule	225
27.14 copy running-config startup-config	226
27.15 copy startup-config tftp	226
27.16 copy tftp startup-config	227
27.17 boot application	228
27.18 remove backup-image	228
27.19 firmware upgrade	229
27.20 boot autoinstall start	230
27.21 boot autoinstall persistent-mode	230
27.22 boot autoinstall auto-save	231
27.23 boot autoinstall auto-reboot	231
27.24 boot autoinstall retry-count	232
27.25 show boot autoinstall	233
27.26 show boot autoinstall downloaded-config	233
27.27 ping	234
27.28 tracert	235
27.29 show system-info	236
27.30 show system-info interface	236
27.31 show image-info	237
27.32 show boot	237
27.33 show running-config	238
27.34 show startup-config	238
27.35 show system-time	239
27.36 show system-time dst	239
27.37 show system-time ntp	239
27.38 show cable-diagnostics interface gigabitEthernet	240
27.39 show cable-diagnostics careful interface	241
27.40 show cpu-utilization	241
27.41 show memory-utilization	242
Chapter 28 IPv6 Address Configuration Commands	243
28.1 ipv6 enable	243
28.2 ipv6 address autoconfig	243
28.3 ipv6 address link-local	244
28.4 ipv6 address dhcp	245
28.5 ipv6 address ra	245
28.6 ipv6 address eui-64	246
28.7 ipv6 address	247
28.8 show ipv6 interface	247
Chapter 29 Ethernet Configuration Commands	249
29.1 interface gigabitEthernet	249
29.2 interface range gigabitEthernet	249
29.3 description	250
29.4 shutdown	251
29.5 flow-control	251
29.6 duplex	252
29.7 jumbo	253
29.8 jumbo-size	253
29.9 speed	254
29.10 storm-control pps	255
29.11 storm-control	255
29.12 bandwidth	256
29.13 clear counters	257
29.14 show interface status	258
29.15 show interface counters	258
29.16 show interface configuration	259
29.17 show storm-control	260
29.18 show bandwidth	260
Chapter 30 QoS Commands	262
30.1 qos (For T2600G-18TS only)	262
30.2 qos (For other switches)	263
30.3 qos cos	263
30.4 qos dscp	264
30.5 qos queue cos-map	265
30.6 qos queue dscp-map (For T2600G-18TS only)	266
30.7 qos queue dscp-map (For other switches)	267
30.8 qos queue mode	268
30.9 qos queue weight	269
30.10 show qos interface	270
30.11 show qos cos-map	271
30.12 show qos dscp-map	271
30.13 show qos queue mode	272
30.14 show qos status	272
Chapter 31 Port Mirror Commands	273
31.1 monitor session destination interface	273
31.2 monitor session source interface	274
31.3 show monitor session	275
Chapter 32 Port Isolation Commands	276
32.1 port isolation	276
32.2 show port isolation interface	277
Chapter 33 Loopback Detection Commands	278
33.1 loopback-detection(global)	278
33.2 loopback-detection interval	278
33.3 loopback-detection recovery-time	279
33.4 loopback-detection(interface)	279
33.5 loopback-detection config	280
33.6 loopback-detection recover	281
33.7 show loopback-detection global	281
33.8 show loopback-detection interface	282
Chapter 34 DDM Commands	284
34.1 ddm state enable	284
34.2 ddm shutdown	284
34.3 ddm temperature_threshold	285
34.4 ddm voltage_threshold	286
34.5 ddm bias_current_threshold	287
34.6 ddm tx_power_threshold	288
34.7 ddm rx_power_threshold	289
34.8 show ddm configuration	290
34.9 show ddm status	291
Chapter 35 ACL Commands	292
35.1 time-range	292
35.2 absolute	292
35.3 periodic	293
35.4 holiday	294
35.5 holiday(global)	295
35.6 access-list create	295
35.7 mac access-list	296
35.8 access-list standard	297
35.9 access-list extended	298
35.10 access-list combined	299
35.11 access-list ipv6	301
35.12 rule	302
35.13 access-list policy name	304
35.14 access-list policy action	304
35.15 redirect interface	305
35.16 s-condition	306
35.17 s-mirror	306
35.18 qos-remark	307
35.19 access-list bind acl(interface)	308
35.20 access-list bind acl(vlan)	308
35.21 access-list bind(interface)	309
35.22 access-list packet-content profile	310
35.23 access-list packet-content config	310
35.24 access-list bind(vlan)	311
35.25 show access-list	312
35.26 show access-list policy	313
35.27 show access-list bind	313
Chapter 36 MSTP Commands	314
36.1 debug spanning-tree	314
36.2 spanning-tree(global)	315
36.3 spanning-tree(interface)	315
36.4 spanning-tree common-config	316
36.5 spanning-tree mode	317
36.6 spanning-tree mst configuration	318
36.7 instance	318
36.8 name	319
36.9 revision	320
36.10 spanning-tree mst instance	320
36.11 spanning-tree mst	321
36.12 spanning-tree priority	322
36.13 spanning-tree timer	323
36.14 spanning-tree hold-count	324
36.15 spanning-tree max-hops	324
36.16 spanning-tree bpdufilter	325
36.17 spanning-tree bpduguard	325
36.18 spanning-tree guard loop	326
36.19 spanning-tree guard root	327
36.20 spanning-tree guard tc	327
36.21 spanning-tree mcheck	328
36.22 show spanning-tree active	329
36.23 show spanning-tree bridge	329
36.24 show spanning-tree interface	330
36.25 show spanning-tree interface-security	330
36.26 show spanning-tree mst	331
Chapter 37 Ethernet OAM Commands	333
37.1 ethernet-oam	333
37.2 ethernet-oam mode	333
37.3 ethernet-oam link-monitor symbol-period	334
37.4 ethernet-oam link-monitor frame	335
37.5 ethernet-oam link-monitor frame-period	336
37.6 ethernet-oam link-monitor frame-seconds	337
37.7 ethernet-oam remote-failure	338
37.8 ethernet-oam remote-loopback received-remote- loopback	339
37.9 ethernet-oam remote-loopback	340
37.10 clear ethernet-oam statistics	341
37.11 clear ethernet-oam event-log	341
37.12 show ethernet-oam configuration	342
37.13 show ethernet-oam event-log	343
37.14 show ethernet-oam statistics	343
37.15 show ethernet-oam status	344
Chapter 38 DLDP Commands	345
38.1 dldp(global)	345
38.2 dldp interval	345
38.3 dldp shut-mode	346
38.4 dldp reset(global)	347
38.5 dldp(interface)	347
38.6 dldp reset(interface)	348
38.7 show dldp	348
38.8 show dldp interface	349
Chapter 39 IGMP Snooping Commands	350
39.1 ip igmp snooping(global)	350
39.2 ip igmp snooping(interface)	350
39.3 ip igmp snooping rtime	351
39.4 ip igmp snooping mtime	352
39.5 ip igmp snooping report-suppression	352
39.6 ip igmp snooping immediate-leave	353
39.7 ip igmp snooping drop-unknown	353
39.8 ip igmp snooping last-listener query-inteval	354
39.9 ip igmp snooping last-listener query-count	355
39.10 ip igmp snooping vlan-config	355
39.11 ip igmp snooping vlan-config (router-port-forbidden)	357
39.12 ip igmp snooping multi-vlan-config	358
39.13 ip igmp snooping multi-vlan-config (router-port-forbidden)	359
39.14 ip igmp snooping multi-vlan-config (source-ip-replace)	360
39.15 ip igmp snooping querier vlan	360
39.16 ip igmp snooping querier vlan (general query)	361
39.17 ip igmp snooping max-groups	362
39.18 ip igmp snooping authentication	363
39.19 ip igmp snooping accounting	364
39.20 ip igmp profile	364
39.21 deny	365
39.22 permit	366
39.23 range	366
39.24 ip igmp filter	367
39.25 clear ip igmp snooping statistics	367
39.26 show ip igmp snooping	368
39.27 show ip igmp snooping interface	368
39.28 show ip igmp snooping vlan	369
39.29 show ip igmp snooping multi-vlan	370
39.30 show ip igmp snooping groups	370
39.31 show ip igmp snooping querier	371
39.32 show ip igmp profile	372
Chapter 40 MLD Snooping Commands	373
40.1 ipv6 mld snooping(global)	373
40.2 ipv6 mld snooping(interface)	373
40.3 ipv6 mld snooping rtime	374
40.4 ipv6 mld snooping mtime	374
40.5 ipv6 mld snooping report-suppression	375
40.6 ipv6 mld snooping immediate-leave	375
40.7 ipv6 mld snooping drop-unknown	376
40.8 ipv6 mld snooping last-listener query-inteval	377
40.9 ipv6 mld snooping last-listener query-count	377
40.10 ipv6 mld snooping vlan-config	378
40.11 ip mld snooping vlan-config (router-port-forbidden)	379
40.12 ipv6 mld snooping multi-vlan-config	380
40.13 ipv6 mld snooping multi-vlan-config (router-port-forbidden)	381
40.14 ipv6 mld snooping multi-vlan-config (source-ip-replace)	382
40.15 ipv6 mld snooping querier vlan	383
40.16 ipv6 mld snooping querier vlan (general query)	383
40.17 ipv6 mld snooping max-groups	384

Match case Limit results 1 per page

255.255.255.0, the time-range for the rule to take effect is “tRange1”, and the

packets match this rule will be forwarded by the switch:

T2600G-28TS(config)# access-list create

520

T2600G-28TS(config)#

access-list

standard

520

rule

permit

sip

192.168.0.100

smask

255.255.255.0

tseg

tSeg1

35.9

access-list extended

Description

The

access-list extended

command is used to add Extended-IP ACL rule. To

delete

the

corresponding

rule,

please

use

access-list

extended

command.

Syntax

access-list extended

acl-id

rule

rule-id

{ deny

permit } [[

sip

source-ip

]

smask

source-ip-mask

] [[

dip

destination-ip

]

dmask

destination-ip-mask

]

[

tseg

time-segment

] [

frag

{disable | enable}] [

dscp

] [

s-port

]

[

d-port

] [

tcpflag

] [

protocol

] [

tos

] [

pre

]

no access-list extended

acl-id

rule

rule-id

Parameter

acl-id

——The desired Extended-IP ACL for configuration.

rule-id

—— The rule ID.

deny —— The operation to discard packets.

permit ——The operation to forward packets. It is the default value.

source-ip

—— The source IP address contained in the rule.

source-ip-mask

—— The source IP address mask. It is required if you typed

the source IP address.

destination-ip

—— The destination IP address contained in the rule.

destination-ip-mask

—— The destination IP address mask. It is required if you

typed the destination IP address.

time-segment

—— The time-range for the rule to take effect. By default, it is

not limited.

frag —— Enable/Disable Fragment. By default, it is disabled. If Fragment is

enabled, this rule will process all the fragments and the last piece of fragment

will be always forwarded.

dscp

—— Specify the dscp value, ranging from 0 to 63.

277