6.4.3. deny (MAC)
Syntax
[sequence <1-2147483647>] deny (A:B:C:D:E:F/A:B:C:D:E:F|any) [vlan <1-4094>] [cos <0-7>] [ethtype <0x0600-0xFFFF>] [shutdown]
no sequence <1-2147483647>
Parameter
<1-2147483647> | (Optional) Specify the sequence index of the ACE. The sequence index represents the priority of an ACE in the ACL.
(A:B:C:D:E:F/A:B:C:D:E:F|any) | Specify the source MAC address and mask of the packet, or any MAC address.
[vlan <1-4094>] | (Optional) Specify the VLAN ID of the packet.
[cos <0-7>] | (Optional) Specify the Class of Service value and mask of the packet.
[ethtype <0x0600-0xFFFF>] | (Optional) Specify the Ethernet protocol number of the packet.
[shutdown] | (Optional) Shut down the interface when the ACE is hit.
Default
No default is defined.
Mode
MAC ACL Configuration
Usage
Use the deny command to add a deny condition to a MAC ACE; packets that hit the ACE are dropped. The “sequence” also represents the hit priority when the ACL is bound to an interface. An ACE that does not specify a “sequence” index is assigned a sequence index equal to the largest existing index plus 20. If packet content can match more than one ACE, the ACE with the lowest sequence is hit. An ACE cannot be added if it has the same conditions as an existing ACE. Use “shutdown” to shut down the interface when the ACE is hit.
Example
The example shows how to add an ACE that denies packets with destination MAC address aa:bb:cc:xx:xx:xx and VLAN 9. You can verify the settings with the following show acl command:
Switch(config)# mac acl test
Switch(mac-al)# sequence 30 permit any any
Switch(mac-al)# deny any aa:bb:cc:00:00:00/FF:FF:FF:00:00:00 vlan 9 shutdown
Switch(mac-al)# show acl
MAC access list test
sequence 30 permit any any
sequence 50 deny any AA:BB:CC:00:00:00/FF:FF:FF:00:00:00 vlan 9 shutdown
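
The ordering rules from the Usage text, applied to the show acl output above, as an added example that is not part of the original manual: this Python sketch reproduces the "largest index plus 20" assignment and reports ACEs that can never be hit because a lower-sequence ACE already matches the same packets. The field order (source, then destination), the mask convention (FF bits are compared) and all function names are assumptions taken from the page's example; cos and ethtype are not modelled.

```python
# Added example: models the ACE ordering rules from the Usage text.
# Assumed from the page's example: "sequence N action SRC DST [vlan V]",
# and a mask in which FF bits must match.
import re

ACE_RE = re.compile(r"sequence (\d+) (permit|deny) (\S+) (\S+)(?: vlan (\d+))?")

def mac_spec(text):
    """Return (value, mask) as integers; 'any' is mask 0 (matches everything)."""
    if text.lower() == "any":
        return 0, 0
    addr, mask = text.split("/")
    to_int = lambda m: int("".join(p.zfill(2) for p in m.split(":")), 16)
    return to_int(addr) & to_int(mask), to_int(mask)

def parse_acl(show_acl_text):
    aces = []
    for seq, action, src, dst, vlan in ACE_RE.findall(show_acl_text):
        aces.append({"seq": int(seq), "action": action, "src": mac_spec(src),
                     "dst": mac_spec(dst), "vlan": int(vlan) if vlan else None})
    return sorted(aces, key=lambda a: a["seq"])  # lowest sequence is hit first

def next_sequence(aces):
    """Index given to an ACE entered without 'sequence': largest existing + 20."""
    return max(a["seq"] for a in aces) + 20

def covers(wide, narrow):
    """True if every address matched by `narrow` is also matched by `wide`."""
    (wv, wm), (nv, nm) = wide, narrow
    return (wm & nm) == wm and (nv & wm) == wv

def shadowed(aces):
    """(seq, covering_seq) for ACEs that a lower-sequence ACE fully covers."""
    out = []
    for i, ace in enumerate(aces):
        for earlier in aces[:i]:
            if (covers(earlier["src"], ace["src"]) and covers(earlier["dst"], ace["dst"])
                    and earlier["vlan"] in (None, ace["vlan"])):
                out.append((ace["seq"], earlier["seq"]))
                break
    return out

# The 'show acl' output from the example above.
SHOW_ACL = """sequence 30 permit any any
sequence 50 deny any AA:BB:CC:00:00:00/FF:FF:FF:00:00:00 vlan 9 shutdown"""

# Constructed variant: the deny entered with an explicit lower sequence.
REORDERED = """sequence 10 deny any AA:BB:CC:00:00:00/FF:FF:FF:00:00:00 vlan 9 shutdown
sequence 30 permit any any"""
```

Run against the page's output, shadowed() reports sequence 50 as covered by sequence 30 (permit any any), so under the lowest-sequence rule the deny and its shutdown action are not hit; the reordered variant, with the deny at a lower sequence, reports nothing.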