Extreme Networks ExtremeWare XOS Command Dokumentacja Strona 153
- Strona / 370
- Spis treści
- ROZWIĄZYWANIE PROBLEMÓW
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
IP Access Control Lists
ExtremeWare XOS 11.0 Concepts Guide 153
ACL Evaluation Precedence
This section discusses the precedence for evaluation among ACL rules.
Precedence within an ACL. An ACL is a policy file that contains one or more rules. In ExtremeWare
XOS, each rule can be one of following types:
• L2 rule—a rule containing only Layer 2 (L2) matching conditions, such as Ethernet MAC address
and Ethernet type.
• L3 rule—a rule containing only Layer 3 (L3) matching conditions, such as source or destination IP
address and protocol.
• L4 rule—a rule containing both Layer 3 (L3) and Layer 4 (L4) matching conditions, such as
TCP/UDP port number.
NOTE
L2 matching conditions cannot be mixed with L3/L4 matching conditions in a rule, otherwise, syntax
checking will fail.
When an ACL file contains both L2 and L3/L4 rules:
• L3/L4 rules have higher precedence over L2 rules. L3/L4 rules are evaluated before any L2 rules.
• The precedence among L3/L4 rules is determined by their relative position in the ACL file. Rules are
evaluated sequentially from top to bottom.
• The precedence among L2 rules is determined by their position in the ACL file. Rules are evaluated
sequentially from top to bottom.
• It is recommended that L2 and L3/L4 rules be grouped together for easy debugging.
Precedence among interface types. As an example of precedence among interface types, suppose a
physical port 1:2 is member port of a VLAN yellow. The ACL evaluation is performed in the following
sequence:
• If the ACL is configured on port 1:2, the port-based ACL is evaluated and the evaluation process
terminates.
• If the ACL is configured on the VLAN yellow, the VLAN-based ACL is evaluated and the evaluation
process terminates.
• If the wildcard ACL is configured, the wildcard ACL is evaluated and evaluation process terminates.
In summary, the port-based ACL has highest precedence, followed by the VLAN-based ACL and then
the wildcard ACL.
Fragmented packet handling
The following rules are used to evaluate fragmented packets or rules that use the fragments or
first-fragments keywords:
Two keywords are used to support fragmentation in ACLs:
• fragments—FO field > 0 (FO means the fragment offset field in the IP header.)
• first-fragments—FO == 0.
- ExtremeWare XOS Concepts 1
- Chapter 3 Managing the Switch 4
- Chapter 5 Virtual LANs 6
- Chapter 6 Virtual Routers 6
- Chapter 7 Forwarding Database 7
- Chapter 8 Quality of Service 7
- Chapter 10 Security 8
- Contents 10
- Chapter 15 IP Unicast Routing 11
- Part 3 Appendixes 13
- Appendix B Troubleshooting 14
- Glossary 14
- Index of Commands 14
- Introduction 15
- Conventions 16
- Related Publications 16
- Using ExtremeWare XOS 17
- 1 ExtremeWare XOS Overview 19
- ExtremeWare XOS Overview 20
- Software Modules 21
- Virtual LANs 21
- Spanning Tree Protocol 22
- Load Sharing 22
- Unicast Routing 23
- IP Multinetting 23
- Software Factory Defaults 24
- 2 Accessing the Switch 27
- Syntax Helper 28
- Command Shortcuts 28
- Line-Editing Keys 30
- Command History 31
- Common Commands 31
- Accessing the Switch 32
- Configuring Management Access 33
- Default Accounts 34
- Creating a Management Account 35
- Failsafe Account 35
- Checking Basic Connectivity 37
- Traceroute 38
- 3 Managing the Switch 39
- Configuration File Management 40
- Using the Console Interface 41
- Using Telnet 42
- About the Telnet Server 43
- Managing the Switch 44
- Using Secure Shell 2 47
- System Redundancy 47
- Node Election 48
- Relinquishing Master Status 49
- Bulk Checkpointing 50
- Dynamic Checkpointing 50
- Viewing Checkpoint Statistics 50
- Power Management 51
- Initial System Boot-Up 52
- Removing a Power Supply 52
- Displaying Power Supply Data 53
- Accessing Switch Agents 54
- Supported MIBs 54
- Displaying SNMP Settings 55
- Message Processing 56
- SNMPv3 Security 56
- Users, Groups, and Security 57
- SNMPv3 MIB Access Control 59
- SNMPv3 Notification 60
- Target Parameters 61
- Filter Profiles and Filters 61
- Notification Tags 62
- Configuring Notifications 62
- Authenticating Users 63
- Configuring and Using SNTP 64
- Process Management 67
- Configuring Ports on a Switch 70
- Jumbo Frames 72
- Path MTU Discovery 73
- Load Sharing on the Switch 74
- Load-Sharing Algorithms 75
- Load-Sharing Examples 76
- Switch Port Mirroring 77
- Extreme Discovery Protocol 79
- 5 Virtual LANs 81
- Types of VLANs 82
- Marketing 83
- Tagged VLANs 84
- Uses of Tagged VLANs 85
- Assigning a VLAN Tag 85
- Protocol-Based VLANs 87
- Predefined Protocol Filters 88
- Defining Protocol Filters 88
- VLAN Names 89
- Default VLAN 90
- Renaming a VLAN 90
- VLAN Configuration Examples 91
- Displaying VLAN Settings 92
- Tunneling (VMANs) 93
- Configuring VMANs 94
- VMAN Example 95
- 6 Virtual Routers 97
- Types of Virtual Routers 98
- Creating Virtual Routers 100
- Using Virtual Routers 101
- Virtual Routers 102
- 7 Forwarding Database 103
- FDB Entry Types 104
- FDB Configuration Examples 105
- Displaying FDB Entries 106
- MAC-Based Security 106
- 8 Quality of Service 107
- Applications and Types of QoS 108
- Configuring QoS 109
- QoS Profiles 110
- Traffic Groupings 111
- ACL-Based Traffic Groupings 112
- Configuring DiffServ 114
- Quality of Service 116
- Source port 118
- Bi-Directional Rate Shaping 121
- Bandwidth Settings 122
- Status Monitoring 125
- Slot Diagnostics 126
- Port Statistics 126
- Port Errors 127
- Port Monitoring Display Keys 128
- System Temperature 128
- System Health Checking 129
- System Health Check Example 130
- Dual MSM Systems 133
- Target Configuration 133
- Severity 134
- Components and Conditions 135
- Matching Expressions 138
- Matching Parameters 139
- Formatting Event Messages 140
- Displaying Event Logs 141
- Uploading Event Logs 141
- Displaying Debug Information 142
- Using sFlow 143
- Configuring the Local Agent 144
- Unconfiguring sFlow 145
- Displaying sFlow Information 146
- 10 Security 147
- Creating IP ACLs 148
- ACL File Syntax 149
- Security 150
- IP Access Control Lists 151
- ACL Evaluation Precedence 153
- Fragmented packet handling 153
- Example ACL Rule Entries 154
- Using ACLs on the Switch 155
- DHCP Server 156
- Switch Protection 157
- Creating Policies 158
- Policy File Syntax 158
- Table 33: Policy actions 162
- Policy Examples 163
- ExtremeWare route map: 164
- Using Policies 166
- Refreshing Policies 166
- Management Access Security 167
- Enabling and Disabling RADIUS 168
- Configuring RADIUS Accounting 168
- Configuring RADIUS 169
- RADIUS RFC 2138 Attributes 169
- Secure Shell 2 170
- Using Switching and Routing 173
- Protocols 173
- Overview of the EAPS Protocol 175
- Fast Convergence 177
- EAPS Terms 177
- Fault Detection and Recovery 178
- Restoration Operations 179
- Multiple EAPS Domains 180
- Configuring EAPS on a Switch 182
- Configuring EAPS with STP 190
- EAPS with STP Guidelines 191
- 12 Spanning Tree Protocol 195
- Table 36: STP terms 196
- Spanning Tree Domains 197
- STPD Modes 198
- Encapsulation Modes 199
- STP States 200
- Binding Ports 200
- Automatically Binding Ports 201
- Rapid Root Failover 202
- STP and Hitless Failover 202
- STP Configurations 203
- Sales, Personnel, Marketing 204
- Sales & Engineering 205
- Multiple STPDs on a Port 206
- VLAN Spanning Multiple STPDs 206
- EMISTP Deployment Constraints 207
- Per VLAN Spanning Tree 209
- Rapid Spanning Tree Protocol 209
- RSTP Terms 210
- RSTP Concepts 210
- Link Types 211
- RSTP Timers 212
- RSTP Operation 213
- Root Port Rapid Behavior 214
- Receiving Bridge Behavior 215
- Rapid Reconvergence 215
- STP Rules and Restrictions 220
- Configuring STP on the Switch 220
- STP Configuration Examples 222
- EMISTP Configuration Example 223
- Displaying STP Settings 225
- Overview of ESRP 227
- Reasons to Use ESRP 228
- ESRP Terms 228
- ESRP Concepts 230
- ESRP-Aware Switches 231
- Standard and Extended ESRP 231
- ESRP Domains 233
- Linking ESRP Switches 233
- ESRP and Hitless Failover 233
- Determining the ESRP Master 234
- Master Switch Behavior 235
- Pre-Master Switch Behavior 235
- Slave Switch Behavior 235
- Neutral Switch Behavior 235
- Electing the Master Switch 236
- ESRP Failover Time 236
- ESRP Election Algorithms 237
- Advanced ESRP Features 238
- ESRP Tracking 239
- ESRP Route Table Tracking 240
- ESRP Ping Tracking 240
- ESRP Port Restart 241
- ESRP Host Attach 242
- ESRP Groups 243
- Displaying ESRP Information 244
- ESRP Examples 244
- OSPF or RIP 245
- ESRP Cautions 248
- ESRP and STP 249
- ESRP Groups and Host Attach 249
- Overview 251
- Determining the VRRP Master 252
- Electing the Master Router 253
- Additional VRRP Highlights 254
- VRRP Operation 255
- Fully Redundant VRRP Network 256
- VRRP Configuration Parameters 257
- VRRP Examples 258
- Switch A 259
- Switch B 259
- 15 IP Unicast Routing 261
- Router Interfaces 262
- Populating the Routing Table 263
- Proxy ARP 264
- Relative Route Priorities 265
- Routing Configuration Example 266
- = IP traffic 267
- = NetBIOS traffic 267
- Route Manager 270
- Unicast Routing Protocols 270
- IGMP Snooping and IGMP 271
- Multicast Routing Protocols 271
- EAPS, ESRP, and STP 272
- DHCP Relay 272
- Configuring IP Multinetting 273
- IP Multinetting Examples 273
- Configuring DHCP/BOOTP Relay 274
- 16 Interior Gateway Protocols 275
- Overview of RIP 277
- Overview of OSPF 278
- Database Overflow 279
- Opaque LSAs 279
- Backbone Area (Area 0.0.0.0) 280
- Stub Areas 280
- Not-So-Stubby-Areas 280
- Area 2 Area 1 Area 0 281
- Point-to-Point Support 282
- Route Redistribution 283
- Interior Gateway Protocols 284
- RIP Configuration Example 285
- Configuring OSPF 286
- OSPF Wait Interval Parameters 287
- HQ_10_0_2 288
- Chi_160_26_26 288
- HQ_10_0_3 288
- LA_161_48_2 288
- Configuration for ABR1 289
- Configuration for IR1 289
- Displaying OSPF Settings 290
- BGP Attributes 292
- BGP Communities 292
- BGP Features 293
- Route Confederations 295
- Route Aggregation 298
- Using the Loopback Interface 298
- BGP Peer Groups 298
- BGP Route Flap Dampening 299
- BGP Route Selection 301
- BGP Static Network 302
- 18 IP Multicast Routing 303
- PIM Overview 304
- IGMP Overview 305
- Configuration Examples 306
- Appendixes 309
- Downloading a New Image 311
- Software Signatures 313
- Rebooting the Switch 313
- Saving Configuration Changes 314
- Viewing a Configuration 315
- Returning to Factory Defaults 316
- Renaming Configuration Files 317
- Deleting Configuration Files 317
- Synchronizing MSMs 318
- Accessing the Bootloader 318
- Upgrading the BootROM 319
- B Troubleshooting 321
- Troubleshooting 322
- Port Configuration 324
- Debug Mode 327
- TOP Command 327
- System Health Check 328
- System Odometer 329
- Temperature Operating Range 329
- Standards 331
- A (continued) 336
- B (continued) 337
- C (continued) 338
- D (continued) 339
- E (continued) 340
- G (continued) 342
- I (continued) 343
- L (continued) 344
- M (continued) 345
- O (continued) 347
- P (continued) 348
- R (continued) 350
- S (continued) 351
- T (continued) 352
- V (continued) 353
- Numerics 359
Powiązane produkty i podręczniki dla Oprogramowanie Extreme Networks ExtremeWare XOS Command
(4 strony)© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.040 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji