beautypg.com

Comtrol ES9528-XT User Guide User Manual

Page 174

background image

174 - Security (CLI)

RocketLinx ES9528 and ES9528-XT User Guide: 2000508 Rev. G

Configuration Using the Command Line Interface (CLI)

Port Security (Continued)

Example 1: Edit IP
Extended access list

Switch(config)# ip access-list extended 100

Switch(config-ext-acl)#permit

ip Any Internet Protocol

tcp Transmission Control Protocol

udp User Datagram Protocol

icmp Internet Control Message Protocol

Switch(config-ext-acl)#permit ip

A.B.C.D Source address

any Any source host

host A single source host

Switch(config-ext-acl)#permit ip 192.168.10.1

A.B.C.D Source wildcard bits

Switch(config-ext-acl)#permit ip 192.168.10.1 0.0.0.1

A.B.C.D Destination address

any Any destination host

host A single destination host

Switch(config-ext-acl)#permit ip 192.168.10.1 0.0.0.1

192.168.10.100 0.0.0.1

[IFNAME] Egress interface name

Switch(config-ext-acl)#permit ip 192.168.10.1 0.0.0.1

192.168.10.100 0.0.0.1 gi26

Note: Follow the below rules to configure ip extended access list.

IP Rule

: Permit/Deny Source_IP wildcard Dest_IP wildcard

Egress_Interface

TCP Rule

: Permit/Deny tcp Source_IP wildcard Dest_IP wildcard eq

Given_Port_Number Egress_Interface

UDP Rule

: Permit/Deny udp Source_IP wildcard Dest_IP wildcard eq

Given_Port_Number Egress_Interface

ICMP Rule

: Permit/Deny icmp Source_IP wildcard Dest_IP wildcard

ICMP_Message_Type ICMP_Message_Code Egress_Interface

Add MAC

Switch(config)# mac-address-table static 00C0.4e33.0101 vlan 1

interface fa1

mac-address-table unicast static set ok!

Port Security

Switch(config)# interface fa1

Switch(config-if)# switchport port-security

Disables new MAC addresses learning and aging activities!

Rule:

Add the static MAC, VLAN and Port binding first, then

enable the port security to stop new MAC learning.

Disable Port Security

Switch(config-if)# no switchport port-security

Enable new MAC addresses learning and aging activities!

Display

Switch# show mac-address-table static

Destination Address Address Type Vlan Destination Port

------------------- --------------- ------- ------------

00C0.4e33.0101 Static 1 fa1

This manual is related to the following products:
See also other documents in the category Comtrol Accessories communication: