Онлайн-демонстрация
Связаться с нами
- /
- /
- /
- /
Contents
- 1. Preface
- 2. Basic Configuration Guide
- 2.1. Administration
- 2.1.1. configure
- 2.1.2. clear arp
- 2.1.3. clear line
- 2.1.4. enable
- 2.1.5. end
- 2.1.6. exit
- 2.1.7. history
- 2.1.8. hostname
- 2.1.9. interface
- 2.1.10. ip address
- 2.1.11. ip default-gateway
- 2.1.12. ip dhcp
- 2.1.13. ip domain lookup
- 2.1.14. ipv6 autoconfig
- 2.1.15. ipv6 address
- 2.1.16. ipv6 default-gateway
- 2.1.17. ipv6 dhcp
- 2.1.18. ip name-server
- 2.1.19. ip service
- 2.1.20. ip session-timeout
- 2.1.21. ip ssh
- 2.1.22. line
- 2.1.23. reboot
- 2.1.24. enable password
- 2.1.25. exec-timeout
- 2.1.26. password-thresh
- 2.1.27. ping
- 2.1.28. traceroute
- 2.1.29. silent-time
- 2.1.30. system name
- 2.1.31. system contact
- 2.1.32. system location
- 2.1.33. terminal length
- 2.1.34. username
- 2.1.35. show arp
- 2.1.36. show cpu utilization
- 2.1.37. show history
- 2.1.38. show info
- 2.1.39. show ip
- 2.1.40. show ip dhcp
- 2.1.41. show ip http
- 2.1.42. show ipv6
- 2.1.43. show line
- 2.1.44. show memory statistics
- 2.1.45. show privilege
- 2.1.46. show username
- 2.1.47. show users
- 2.1.48. show version
- 2.2. Management ACL
- 2.3. Time
- 2.4. System File
- 2.5. Logging
- 2.6. DHCP Server
- 2.7. Port Mirror
- 2.8. Diagnostic
- 2.1. Administration
- 3. Ethernet Configuration Guide
- 3.1. Port
- 3.2. Port Error Disable
- 3.3. MAC Address Table
- 3.4. VLAN
- 3.4.1. vlan
- 3.4.2. Name (vlan)
- 3.4.3. switchport mode
- 3.4.4. switchport hybrid pvid
- 3.4.5. switchport hybrid ingress-filtering
- 3.4.6. switchport hybrid acceptable-frame-type
- 3.4.7. switchport hybrid allowed vlan
- 3.4.8. switchport access vlan
- 3.4.9. switchport tunnel vlan
- 3.4.10. switchport trunk native vlan
- 3.4.11. switchport trunk allowed vlan
- 3.4.12. switchport default-vlan tagged
- 3.4.13. switchport forbidden default-vlan
- 3.4.14. switchport forbidden vlan
- 3.4.15. switchport vlan tpid
- 3.4.16. management-vlan
- 3.4.17. show vlan
- 3.4.18. show vlan interface membership
- 3.4.19. show interface switchport
- 3.4.20. show management-vlan
- 3.5. MAC VLAN
- 3.6. Protocol VLAN
- 3.7. Voice VLAN
- 3.8. GVRP
- 3.9. Surveillance VLAN
- 3.9.1. surveillance-vlan (Global)
- 3.9.2. surveillance-vlan (per interface)
- 3.9.3. surveillance-vlan vlan
- 3.9.4. surveillance-vlan oui-table
- 3.9.5. surveillance-vlan cos (Global)
- 3.9.6. surveillance-vlan cos (per interface)
- 3.9.7. surveillance-vlan mode
- 3.9.8. surveillance-vlan aging-time
- 3.9.9. show surveillance-vlan
- 3.10. Link Aggregation
- 3.11. Storm Control
- 3.12. Spanning Tree
- 3.12.1. instance (MST)
- 3.12.2. name (MST)
- 3.12.3. revision (MST)
- 3.12.4. spanning-tree mst configuration
- 3.12.5. spanning-tree mst cost
- 3.12.6. spanning-tree mst port-priority
- 3.12.7. spanning-tree mst priority
- 3.12.8. spanning-tree
- 3.12.9. spanning-tree mode
- 3.12.10. spanning-tree bpdu
- 3.12.11. spanning-tree bpdu-filter
- 3.12.12. spanning-tree bpdu-guard
- 3.12.13. spanning-tree cost
- 3.12.14. spanning-tree forward-delay
- 3.12.15. spanning-tree hello-time
- 3.12.16. spanning-tree maximum-age
- 3.12.17. spanning-tree edge
- 3.12.18. spanning-tree link-type
- 3.12.19. spanning-tree max-hops
- 3.12.20. spanning-tree mcheck
- 3.12.21. spanning-tree pathcost method
- 3.12.22. spanning-tree port-priority
- 3.12.23. spanning-tree priority
- 3.12.24. spanning-tree tx-hold-count
- 3.12.25. show spanning-tree
- 3.12.26. show spanning-tree interface
- 3.12.27. show spanning-tree mst
- 3.12.28. show spanning-tree mst interface
- 3.12.29. show spanning-tree mst configuration
- 3.13. UDLD
- 3.14. POE
- 4. IP Routing Configuration Guide
- 5. Multicast Configuration Guide
- 5.1. IGMP Snooping
- 5.1.1. ip igmp snooping
- 5.1.2. ip igmp snooping version
- 5.1.3. ip igmp snooping querier
- 5.1.4. ip igmp snooping vlan
- 5.1.5. ip igmp snooping vlan fastleave
- 5.1.6. ip igmp snooping vlan query-interval
- 5.1.7. ip igmp snooping vlan response-time
- 5.1.8. ip igmp snooping vlan router
- 5.1.9. ip igmp snooping vlan forbidden-port
- 5.1.10. ip igmp snooping vlan static-port
- 5.1.11. ip igmp snooping vlan static-router-port
- 5.1.12. ip igmp snooping vlan static-group
- 5.1.13. ip igmp snooping vlan group
- 5.1.14. ip igmp profile
- 5.1.15. profile range
- 5.1.16. ip igmp filter
- 5.1.17. ip igmp max-groups
- 5.1.18. ip igmp max-groups action
- 5.1.19. clear ip igmp snooping groups
- 5.1.20. clear ip igmp snooping statistics
- 5.1.21. show ip igmp snooping groups counters
- 5.1.22. show ip igmp snooping groups
- 5.1.23. show ip igmp snooping router
- 5.1.24. show ip igmp snooping querier
- 5.1.25. show ip igmp snooping
- 5.1.26. show ip igmp snooping vlan
- 5.1.27. show ip igmp snooping forward-all
- 5.1.28. show ip igmp profile
- 5.1.29. show ip igmp filter
- 5.1.30. show ip igmp max-group
- 5.1.31. show ip igmp max-group action
- 5.2. MLD Snooping
- 5.2.1. ipv6 mld snooping
- 5.2.2. ipv6 mld snooping report-suppression
- 5.2.3. ipv6 mld snooping version
- 5.2.4. ipv6 mld snooping unknown-multicast action
- 5.2.5. ipv6 mld snooping vlan
- 5.2.6. ipv6 mld snooping vlan fastleave
- 5.2.7. ipv6 mld snooping vlan last-member-query-count
- 5.2.8. ipv6 mld snooping vlan last-member-query-interval
- 5.2.9. ipv6 mld snooping vlan query-interval
- 5.2.10. ipv6 mld snooping vlan response-time
- 5.2.11. ipv6 mld snooping vlan router
- 5.2.12. ipv6 mld snooping vlan static-port
- 5.2.13. ipv6 mld snooping vlan forbidden-router-port
- 5.2.14. ipv6 mld snooping vlan static router port
- 5.2.15. ipv6 mld snooping vlan static-group
- 5.2.16. ipv6 mld snooping vlan group
- 5.2.17. ipv6 mld profile
- 5.2.18. profile range
- 5.2.19. ipv6 mld filter
- 5.2.20. ipv6 mld max-groups
- 5.2.21. ipv6 mld max-groups action
- 5.2.22. clear ipv6 mld snooping groups
- 5.2.23. clear ipv6 mld snooping statistics
- 5.2.24. show ipv6 mld snooping groups counters
- 5.2.25. show ipv6 mld snooping groups
- 5.2.26. show ipv6 mld snooping router
- 5.2.27. show ipv6 mld snooping
- 5.2.28. show ipv6 mld snooping vlan
- 5.2.29. show ipv6 mld snooping forward-all
- 5.2.30. show ipv6 mld profile
- 5.2.31. show ipv6 mld filter
- 5.2.32. show ipv6 mld max-group
- 5.2.33. show ipv6 mld max-group action
- 5.3. MVR
- 5.1. IGMP Snooping
- 6. Security Configuration Guide
- 6.1. AAA
- 6.1.1. aaa authentication
- 6.1.2. login authentication
- 6.1.3. ip http login authentication
- 6.1.4. enable authentication
- 6.1.5. show aaa authentication
- 6.1.6. show line lists
- 6.1.7. tacacs default-config
- 6.1.8. tacacs host
- 6.1.9. show tacacs default-config
- 6.1.10. show tacacs
- 6.1.11. radius default-config
- 6.1.12. radius host
- 6.1.13. show radius default-config
- 6.1.14. show radius
- 6.2. Port Security
- 6.3. Authentication Manager
- 6.3.1. authentication
- 6.3.2. authentication (per interface)
- 6.3.3. authentication mac radius
- 6.3.4. authentication mac local
- 6.3.5. authentication guest-vlan
- 6.3.6. authentication guest-vlan (per interface)
- 6.3.7. authentication host-mode
- 6.3.8. authentication max-hosts
- 6.3.9. authentication port-control
- 6.3.10. clear authentication sessions
- 6.3.11. show authentication
- 6.3.12. show authentication sessions
- 6.4. ACL
- 6.5. DOS
- 6.6. DHCP Snooping
- 6.7. Dynamic ARP Inspection
- 6.8. IP Source Guard
- 6.1. AAA
- 7. Network Management Configuration Guide
- 7.1. LLDP
- 7.2. SNMP
- 7.2.1. snmp
- 7.2.2. snmp view
- 7.2.3. snmp group
- 7.2.4. snmp community
- 7.2.5. snmp user
- 7.2.6. snmp engineid
- 7.2.7. snmp engineid remote
- 7.2.8. snmp trap
- 7.2.9. snmp host
- 7.2.10. show snmp view
- 7.2.11. show snmp group
- 7.2.12. show snmp community
- 7.2.13. show snmp user
- 7.2.14. show snmp engineid
- 7.2.15. show snmp trap
- 7.2.16. show snmp host
- 7.3. RMON
- 8. Traffic Managemant Configuration Guide
6.4.2. permit (MAC)
Syntax
[sequence <1-2147483647>] permit (A:B:C:D:E:F/A:B:C:D:E:F|any) (A:B:C:D:E:F/A:B:C:D:E:F|any) [vlan <1-4094>] [cos <0-7>]
[ethtype <0x0600-0xFFFF>]
no sequence <1-2147483647>
Parameter
<1-2147483647> |
(Optional) Specify sequence index of ACE, thesequence index represent the priority of an ACE in ACL. |
(A :B:C:D:E:F/A:B:C:D:E:F|any) |
Specify the source MAC address and mask ofpacket or any MAC address. |
(A :B:C:D:E:F/A:B:C:D:E:F|any) |
Specify the destination MAC address and maskof packet or any MAC address |
[vlan <1-4094>] |
(Optional) Specify the vlan ID of packet. |
[cos <0-7>] |
(Optional) Specify the Class of Service valueand mask of packet. |
[ethtype <0x0600-0xFFFF>] |
(Optional) Specify Ethernet protocol number ofpacket |
Default
No default is defined
Mode
MAC ACL Configuration
Usage
Use the permit command to add permit conditions for a mac ACE that
bypass those packets hit the ACE. The “sequence” also represents hit
priority when ACL bind to an interface. An ACE not specifies
“sequence” index would assign a sequence index which is the largest
existed index plus 20. If packet content can match more than one ACE,
the lowest sequence ACE is hit. An ACE can not be added if has the
same conditions as existed ACE.
Example
The example shows how to add an ACE that permit packets with source MAC address 22:33:44:55:66:77, VLAN 3 and Ethernet type 1999. You can verify settings by the following show acl command
Switch(config)# mac acl test
Switch(mac-al)# sequence 999 permit 22:33:44:55:66:77/FF:FF:FF:FF:FF:FF any vlan 3 ethtype 0x2800
Switch(mac-al)# show acl
MAC access list test
sequence 999 permit 22:33:44:55:66:77/FF:FF:FF:FF:FF:FF any vlan 3 ethtype 0x2800