Oracle Switch ES1-24

Configuration Guide

Configure ACL Filters

The example in this procedure shows how to block the IP traffic from a host with an IP address of 12.0.0.100. See Basic SEFOS Topology for the topology for this task.

The filter type can be extended or standard. Standard filters filter the traffic based on the source IP address and the destination IP address. Extended filters can also specify the protocol ID, TCP/UDP port numbers, DSCP values, and flow label. In this example, the IP packets with 12.0.0.100 as the source address are filtered.

ACL filters are applied to packets in hardware, based on the filtering criteria configured in the switch. The switch examines each packet against the configured access lists to determine whether to block or forward it. Type the following commands on the SEFOS-1 switch.

  1. Connect to SEFOS.

    See Connect to SEFOS.

  2. Configure the IP address of the switch to 12.0.0.1.
    SEFOS-1# configure terminal
    SEFOS-1(config)# interface vlan 1
    SEFOS-1(config-if)# shutdown
    SEFOS-1(config-if)# ip address 12.0.0.1 255.0.0.0
    SEFOS-1(config-if)# no shutdown
    SEFOS-1(config-if)# exit
    SEFOS-1(config)# interface extreme-ethernet 0/1
    SEFOS-1(config-if)# no shutdown
    SEFOS-1(config-if)# exit
    SEFOS-1(config)# interface extreme-ethernet 0/2
    SEFOS-1(config-if)# no shutdown
    SEFOS-1(config-if)# exit
  3. Create an IP filter with ID 11.
    SEFOS-1(config)# ip access-list extended 11
  4. Deny the IP traffic from host 12.0.0.100 to any network or host.
    SEFOS-1(config-ext-nacl)# deny ip host 12.0.0.100 any
    SEFOS-1(config-ext-nacl)# end
  5. Ping from host A to host B.
    # ping 12.0.0.17
    12.0.0.17 is alive
  6. Apply the IP filter 11 to port 1.
    SEFOS-1# configure terminal
    SEFOS-1(config)# interface extreme-ethernet 0/1
    SEFOS-1(config-if)# ip access-group 11 in
    SEFOS-1(config-if)# exit
    SEFOS-1(config)# vlan 1
    SEFOS-1(config-vlan)# ports extreme-ethernet 0/1 extreme-ethernet 0/2 untagged extreme-ethernet 0/1 extreme-ethernet 0/2

    Note - You might see the following message if ports 1 and 2 are already in VLAN 1. If you see this message, you can ignore it.

    % Member Ports cannot be added/deleted on Default VLAN
    SEFOS-1(config-vlan)# end
  7. View the configuration details.
    SEFOS-1# show access-lists
    ...
    IP address Type                  : IPV4
    ...
    In Port List                     : Ex0/1
    ...
    Filter Action                    : Deny
    Status                           : Active
  8. Send the forwarding traffic from host A to host B in the same fashion as the ping from host A to host B in Step 5.

    Packets sent from host A are not forwarded to port 2 because the filter action is set to deny. The ping to 12.0.0.17 from host A fails with no answer from 12.0.0.17.

  9. Remove the IP filter from port 1.
    SEFOS-1# configure terminal
    SEFOS-1(config)# interface extreme-ethernet 0/1
    SEFOS-1(config-if)# no ip access-group 11 in
    SEFOS-1(config-if)# end
    SEFOS-1# show access-lists
    ...
    Status                           : InActive
  10. Send the forwarding traffic from host A to host B in the same fashion as the ping from host A to host B in Step 5.

    The ping is answered from host B. Packets sent from host A are forwarded to port 2. The following two consecutive ping commands show that the deny filter action set in the ACL list was applied to one port and was removed from another port.

    # ping 12.0.0.17
    no answer from 12.0.0.17
    # ping 12.0.0.17
    12.0.0.17 is alive
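
A scripted check over the show access-lists output from Steps 7 and 9, added here as an example and not part of Oracle's guide: it parses the "Name : value" lines and reports whether the filter is a Deny filter, bound to the expected ingress port, and Active. The sample text is constructed from only the fields shown above, and parse_fields and audit_filter are hypothetical names.

```python
import re

# Constructed samples built only from the fields the page shows in steps 7 and 9;
# real "show access-lists" output has more lines (the page elides them as "...").
APPLIED = """SEFOS-1# show access-lists
...
IP address Type                  : IPV4
...
In Port List                     : Ex0/1
...
Filter Action                    : Deny
Status                           : Active
"""
# In Port List is left out here: the page does not show its value after removal.
REMOVED = """SEFOS-1# show access-lists
...
Filter Action                    : Deny
Status                           : InActive
"""

def parse_fields(block):
    """Map 'Name : value' lines to a dict; prompts and '...' lines are skipped."""
    fields = {}
    for line in block.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit_filter(block, port, action="Deny"):
    """Return findings for one filter's output; an empty list means enforcing."""
    f = parse_fields(block)
    findings = []
    if f.get("Filter Action", "").lower() != action.lower():
        findings.append("action is not " + action)
    # Assumption: several ports would be separated by commas or spaces.
    if port not in re.split(r"[,\s]+", f.get("In Port List", "")):
        findings.append(port + " is not in In Port List")
    # Compare the whole value: "Active" is a substring of "InActive", so a
    # substring or grep-style match would pass a filter that was removed.
    if f.get("Status", "").lower() != "active":
        findings.append("status is " + f.get("Status", "missing"))
    return findings

if __name__ == "__main__":
    for name, text in (("applied", APPLIED), ("removed", REMOVED)):
        print(name, audit_filter(text, "Ex0/1") or "OK")
```

The function expects the output block for a single filter; splitting a listing that contains several filters is left to the caller.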