Онлайн-демонстрация
Связаться с нами
- /
- /
- /
- /
Contents
- 1. Preface
- 2. Basic Configuration Guide
- 2.1. Administration
- 2.1.1. configure
- 2.1.2. clear arp
- 2.1.3. clear line
- 2.1.4. enable
- 2.1.5. end
- 2.1.6. exit
- 2.1.7. history
- 2.1.8. hostname
- 2.1.9. interface
- 2.1.10. ip address
- 2.1.11. ip default-gateway
- 2.1.12. ip dhcp
- 2.1.13. ip domain lookup
- 2.1.14. ipv6 autoconfig
- 2.1.15. ipv6 address
- 2.1.16. ipv6 default-gateway
- 2.1.17. ipv6 dhcp
- 2.1.18. ip name-server
- 2.1.19. ip service
- 2.1.20. ip session-timeout
- 2.1.21. ip ssh
- 2.1.22. line
- 2.1.23. reboot
- 2.1.24. enable password
- 2.1.25. exec-timeout
- 2.1.26. password-thresh
- 2.1.27. ping
- 2.1.28. traceroute
- 2.1.29. silent-time
- 2.1.30. system name
- 2.1.31. system contact
- 2.1.32. system location
- 2.1.33. terminal length
- 2.1.34. username
- 2.1.35. show arp
- 2.1.36. show cpu utilization
- 2.1.37. show history
- 2.1.38. show info
- 2.1.39. show ip
- 2.1.40. show ip dhcp
- 2.1.41. show ip http
- 2.1.42. show ipv6
- 2.1.43. show line
- 2.1.44. show memory statistics
- 2.1.45. show privilege
- 2.1.46. show username
- 2.1.47. show users
- 2.1.48. show version
- 2.2. Management ACL
- 2.3. Time
- 2.4. System File
- 2.5. Logging
- 2.6. DHCP Server
- 2.7. Port Mirror
- 2.8. Diagnostic
- 2.1. Administration
- 3. Ethernet Configuration Guide
- 3.1. Port
- 3.2. Port Error Disable
- 3.3. MAC Address Table
- 3.4. VLAN
- 3.4.1. vlan
- 3.4.2. Name (vlan)
- 3.4.3. switchport mode
- 3.4.4. switchport hybrid pvid
- 3.4.5. switchport hybrid ingress-filtering
- 3.4.6. switchport hybrid acceptable-frame-type
- 3.4.7. switchport hybrid allowed vlan
- 3.4.8. switchport access vlan
- 3.4.9. switchport tunnel vlan
- 3.4.10. switchport trunk native vlan
- 3.4.11. switchport trunk allowed vlan
- 3.4.12. switchport default-vlan tagged
- 3.4.13. switchport forbidden default-vlan
- 3.4.14. switchport forbidden vlan
- 3.4.15. switchport vlan tpid
- 3.4.16. management-vlan
- 3.4.17. show vlan
- 3.4.18. show vlan interface membership
- 3.4.19. show interface switchport
- 3.4.20. show management-vlan
- 3.5. MAC VLAN
- 3.6. Protocol VLAN
- 3.7. Voice VLAN
- 3.8. GVRP
- 3.9. Surveillance VLAN
- 3.9.1. surveillance-vlan (Global)
- 3.9.2. surveillance-vlan (per interface)
- 3.9.3. surveillance-vlan vlan
- 3.9.4. surveillance-vlan oui-table
- 3.9.5. surveillance-vlan cos (Global)
- 3.9.6. surveillance-vlan cos (per interface)
- 3.9.7. surveillance-vlan mode
- 3.9.8. surveillance-vlan aging-time
- 3.9.9. show surveillance-vlan
- 3.10. Link Aggregation
- 3.11. Storm Control
- 3.12. Spanning Tree
- 3.12.1. instance (MST)
- 3.12.2. name (MST)
- 3.12.3. revision (MST)
- 3.12.4. spanning-tree mst configuration
- 3.12.5. spanning-tree mst cost
- 3.12.6. spanning-tree mst port-priority
- 3.12.7. spanning-tree mst priority
- 3.12.8. spanning-tree
- 3.12.9. spanning-tree mode
- 3.12.10. spanning-tree bpdu
- 3.12.11. spanning-tree bpdu-filter
- 3.12.12. spanning-tree bpdu-guard
- 3.12.13. spanning-tree cost
- 3.12.14. spanning-tree forward-delay
- 3.12.15. spanning-tree hello-time
- 3.12.16. spanning-tree maximum-age
- 3.12.17. spanning-tree edge
- 3.12.18. spanning-tree link-type
- 3.12.19. spanning-tree max-hops
- 3.12.20. spanning-tree mcheck
- 3.12.21. spanning-tree pathcost method
- 3.12.22. spanning-tree port-priority
- 3.12.23. spanning-tree priority
- 3.12.24. spanning-tree tx-hold-count
- 3.12.25. show spanning-tree
- 3.12.26. show spanning-tree interface
- 3.12.27. show spanning-tree mst
- 3.12.28. show spanning-tree mst interface
- 3.12.29. show spanning-tree mst configuration
- 3.13. UDLD
- 3.14. POE
- 4. IP Routing Configuration Guide
- 5. Multicast Configuration Guide
- 5.1. IGMP Snooping
- 5.1.1. ip igmp snooping
- 5.1.2. ip igmp snooping version
- 5.1.3. ip igmp snooping querier
- 5.1.4. ip igmp snooping vlan
- 5.1.5. ip igmp snooping vlan fastleave
- 5.1.6. ip igmp snooping vlan query-interval
- 5.1.7. ip igmp snooping vlan response-time
- 5.1.8. ip igmp snooping vlan router
- 5.1.9. ip igmp snooping vlan forbidden-port
- 5.1.10. ip igmp snooping vlan static-port
- 5.1.11. ip igmp snooping vlan static-router-port
- 5.1.12. ip igmp snooping vlan static-group
- 5.1.13. ip igmp snooping vlan group
- 5.1.14. ip igmp profile
- 5.1.15. profile range
- 5.1.16. ip igmp filter
- 5.1.17. ip igmp max-groups
- 5.1.18. ip igmp max-groups action
- 5.1.19. clear ip igmp snooping groups
- 5.1.20. clear ip igmp snooping statistics
- 5.1.21. show ip igmp snooping groups counters
- 5.1.22. show ip igmp snooping groups
- 5.1.23. show ip igmp snooping router
- 5.1.24. show ip igmp snooping querier
- 5.1.25. show ip igmp snooping
- 5.1.26. show ip igmp snooping vlan
- 5.1.27. show ip igmp snooping forward-all
- 5.1.28. show ip igmp profile
- 5.1.29. show ip igmp filter
- 5.1.30. show ip igmp max-group
- 5.1.31. show ip igmp max-group action
- 5.2. MLD Snooping
- 5.2.1. ipv6 mld snooping
- 5.2.2. ipv6 mld snooping report-suppression
- 5.2.3. ipv6 mld snooping version
- 5.2.4. ipv6 mld snooping unknown-multicast action
- 5.2.5. ipv6 mld snooping vlan
- 5.2.6. ipv6 mld snooping vlan fastleave
- 5.2.7. ipv6 mld snooping vlan last-member-query-count
- 5.2.8. ipv6 mld snooping vlan last-member-query-interval
- 5.2.9. ipv6 mld snooping vlan query-interval
- 5.2.10. ipv6 mld snooping vlan response-time
- 5.2.11. ipv6 mld snooping vlan router
- 5.2.12. ipv6 mld snooping vlan static-port
- 5.2.13. ipv6 mld snooping vlan forbidden-router-port
- 5.2.14. ipv6 mld snooping vlan static router port
- 5.2.15. ipv6 mld snooping vlan static-group
- 5.2.16. ipv6 mld snooping vlan group
- 5.2.17. ipv6 mld profile
- 5.2.18. profile range
- 5.2.19. ipv6 mld filter
- 5.2.20. ipv6 mld max-groups
- 5.2.21. ipv6 mld max-groups action
- 5.2.22. clear ipv6 mld snooping groups
- 5.2.23. clear ipv6 mld snooping statistics
- 5.2.24. show ipv6 mld snooping groups counters
- 5.2.25. show ipv6 mld snooping groups
- 5.2.26. show ipv6 mld snooping router
- 5.2.27. show ipv6 mld snooping
- 5.2.28. show ipv6 mld snooping vlan
- 5.2.29. show ipv6 mld snooping forward-all
- 5.2.30. show ipv6 mld profile
- 5.2.31. show ipv6 mld filter
- 5.2.32. show ipv6 mld max-group
- 5.2.33. show ipv6 mld max-group action
- 5.3. MVR
- 5.1. IGMP Snooping
- 6. Security Configuration Guide
- 6.1. AAA
- 6.1.1. aaa authentication
- 6.1.2. login authentication
- 6.1.3. ip http login authentication
- 6.1.4. enable authentication
- 6.1.5. show aaa authentication
- 6.1.6. show line lists
- 6.1.7. tacacs default-config
- 6.1.8. tacacs host
- 6.1.9. show tacacs default-config
- 6.1.10. show tacacs
- 6.1.11. radius default-config
- 6.1.12. radius host
- 6.1.13. show radius default-config
- 6.1.14. show radius
- 6.2. Port Security
- 6.3. Authentication Manager
- 6.3.1. authentication
- 6.3.2. authentication (per interface)
- 6.3.3. authentication mac radius
- 6.3.4. authentication mac local
- 6.3.5. authentication guest-vlan
- 6.3.6. authentication guest-vlan (per interface)
- 6.3.7. authentication host-mode
- 6.3.8. authentication max-hosts
- 6.3.9. authentication port-control
- 6.3.10. clear authentication sessions
- 6.3.11. show authentication
- 6.3.12. show authentication sessions
- 6.4. ACL
- 6.5. DOS
- 6.6. DHCP Snooping
- 6.7. Dynamic ARP Inspection
- 6.8. IP Source Guard
- 6.1. AAA
- 7. Network Management Configuration Guide
- 7.1. LLDP
- 7.2. SNMP
- 7.2.1. snmp
- 7.2.2. snmp view
- 7.2.3. snmp group
- 7.2.4. snmp community
- 7.2.5. snmp user
- 7.2.6. snmp engineid
- 7.2.7. snmp engineid remote
- 7.2.8. snmp trap
- 7.2.9. snmp host
- 7.2.10. show snmp view
- 7.2.11. show snmp group
- 7.2.12. show snmp community
- 7.2.13. show snmp user
- 7.2.14. show snmp engineid
- 7.2.15. show snmp trap
- 7.2.16. show snmp host
- 7.3. RMON
- 8. Traffic Managemant Configuration Guide
2.2.4. permit
Syntax
[sequence <1-65535>] permit interfaces IF_PORTS service (all|http|https|snmp|ssh|telnet)
[sequence <1-65535>] permit ip A.B.C.D/A.B.C.D interfaces IF_PORTS service (all|http|https|snmp|ssh|telnet)
[sequence <1-65535>] permit ipv6 X:X::X:X/<0-128> interfaces IF_PORTS service (all|http|https|snmp|ssh|telnet)
Parameter
<1-65535> (Optional) Specify sequence index of ACL entry, the sequence index represent the priority of an entry in ACL. If not specified, the switch assigns a number from 1 in ascending order.
interfaces IF_PORTS Specify the interface ID or a list of interface IDs.
ip A.B.C.D/A.B.C.D Specify the source IP address and mask of packet.
ipv6 X:X::X:X/<0-128 Specify the source IPv6 address and prefix length of packet.
(all| Specify the type of services. http|https|snmp|ssh|telnet)
Default
No rules are configured.
Mode
Management Access-List Configuration
Usage
Use the permit command to add permit rules that bypass those packets hit the rule.
Example
The following example shows how to add a permit rule to bypass http service packets that source ip is 2.2.2.2 from interface gi1.
Switch(config)# management access-list test
Switch(config-macl)# sequence 2 permit ip 2.2.2.2/255.255.255.255 interfaces gi1 service http