Intel® NetStructure™ 6000 Switch

More documents

Recommendations

Info

C H A P T E R 5 Managing the Switch IP access control and access lists do not apply to frames that are switched within the same VLAN. If the devices are on the same VLAN, they maintain their IP connectivity and are able to ping or Telnet each other even though ACL rules may forbid IP traffic between the two. IP connection between an end station and the 6000 switch is never subjected to ACL rules. An end station can Telnet the switch or use an SNMP agent for management activities. The IP Access Control configuration is stored in NVRAM. ACL rules The order rules are applied to an incoming packet are determined by the order that a rule was entered into the ACL. The 6000 switch supports a maximum of 128 filtering rules. The source IP address and source wildcard mask or destination IP address and destination wildcard mask represents a single host or a range of hosts in a network. A wildcard mask is a method used to define a range of host IP addresses with an accompanying network or subnet IP address. It uses the same notation as the dotted decimal IP address. The wildcard mask cannot overlap with the corresponding network or subnet address. Network/ Subnet Address Wildcard Mask Examples Wildcard Mask 172.18.1.0 0.0.0.255 172.18.2.0 0.0.0.7 Description All the host addresses in the range 172.18.1.0. through 172.18.1.255, All the host addresses in the range 172.18.2.0. through 172.18.2.7, 172.18.3.0 0.0.255.255 Invalid since address and mask overlap, For a single device or host, the address must be the designated IP address of the device and the wildcard mask must be 0.0.0.0 or the word “host.” permit 172.18.1.2 0.0.0.0 172.18.3.2 0.0.0.0 or permit 172.18.1.2 host 172.18.3.2 host 188
C H A P T E R 5 Intel® NetStructure 6000 Switch User Guide For a range of devices, the address must represent a network or subnet address and the wildcard mask must identify the range of IP addresses. The address and wildcard mask pair of 0.0.0.0/ 255.255.255.255 or the word “all” represents all possible IP addresses. 6000 Switch>#>deny 172.18.2.0 0.0.0.255 172.18.3.0 0.0.0.255 In the example below, the rule denies any packets from being sent from source IP 17.18.4.0/ 0.0.0.255 to all IP addresses. 6000 Switch>#>deny 172.18.4.0 0.0.0.255 all The format for any rule includes: • An action (deny or permit) • A source IP address and source wildcard mask • A destination IP address and destination wildcard mask Adding a permit rule Type acl add rule_number permit (source_address source_wildcard_mask)( destination_address destination_wildcard_mask) in privileged mode to add a permit rule. 6000 switch>#>acl add 1 permit 172.18.1.2 0.0.0.0 172.18.3.2 0.0.0.0 When adding a rule, all subsequent rules (starting from the requested rule number) are shifted one position down towards the last rule. An end rule can only be overwritten with a new end rule. For example, if a new rule 1 is added. The existing rule 1 becomes rule 2 and all of the other rules shift down one number. 3 Type enable acl to activate IP Access Control once you have completed adding all of the rules to the ACL. 6000 switch>#>enable acl Note ACL is disabled by default. When disabled, all routable packets are forwarded to the destination interface. It is recommended that ACL remain disabled while adding rules to the rules list. 189
Page 1 and 2:
Intel® NetStructure 6000 Switch Us
Page 3 and 4:
Contents Using the Switch 5 Unpacki
Page 5:
Contents Intel® NetStructure 6000
Page 8 and 9:
C H A P T E R 1 Intel® NetStructur
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 123 and 124:
Using Local Management Topic See Pa
Page 125 and 126:
C H A P T E R 4 Using Local Managem
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140: C H A P T E R 4 Using Local Managem
Page 147 and 148: Managing the Switch Topic See Page
Page 149 and 150: C H A P T E R 5 Intel® NetStructur
Page 189: C H A P T E R 5 Intel® NetStructur
Page 213 and 214: $ Appendix A: Command Reference
Page 215 and 216: A P P E N D I X A Intel® NetStruct
Page 241 and 242:
A P P E N D I X A Intel® NetStruct
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305:
Page 308 and 309:
A P P E N D I X B GateD Reference T
Page 310 and 311:
A P P E N D I X B GateD Reference m
Page 312 and 313:
A P P E N D I X B GateD Reference C
Page 314 and 315:
A P P E N D I X B GateD Reference A
Page 316 and 317:
A P P E N D I X B GateD Reference C
Page 318 and 319:
A P P E N D I X B GateD Reference c
Page 320 and 321:
A P P E N D I X B GateD Reference S
Page 322 and 323:
A P P E N D I X B GateD Reference R
Page 324 and 325:
A P P E N D I X B GateD Reference l
Page 326 and 327:
A P P E N D I X B GateD Reference m
Page 328 and 329:
Support Services Intel offers a ran
Page 330 and 331:
A P P E N D I X C Intel® NetStruct
Page 332 and 333:
A P P E N D I X C Technical Informa
Page 335 and 336:
, Index Symbols ? command 218 Numer
Page 337 and 338:
I N D E X Intel® NetStructure 6000
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345:
show all

Intel® NetStructure™ 6000 Switch

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?