Reference Guide

IP Access Control Lists (ACL), Prefix Lists, and Route-maps | 143
Figure 8-6. Command Example: show ip accounting access-list
FTOS#show ip accounting access example interface gig 4/12
Extended IP access list example
seq 10 deny tcp any any eq 111
seq 15 deny udp any any eq 111
seq 20 deny udp any any eq 2049
seq 25 deny udp any any eq 31337
seq 30 deny tcp any any range 12345 12346
seq 35 permit udp host 10.21.126.225 10.4.5.0 /28
seq 40 permit udp host 10.21.126.226 10.4.5.0 /28
seq 45 permit udp 10.8.0.0 /16 10.50.188.118 /31 range 1812 1813
seq 50 permit tcp 10.8.0.0 /16 10.50.188.118 /31 eq 49
seq 55 permit udp 10.15.1.0 /24 10.50.188.118 /31 range 1812 1813

To delete a filter, enter the show config command in the IP ACCESS LIST mode and locate the sequence number of the filter you want to delete. Then use the no seq sequence-number command in the IP ACCESS LIST mode.

Configure an extended IP ACL

Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses.

Since traffic passes through the filter in the order of the filter’s sequence, you can configure the extended IP ACL by first entering the IP ACCESS LIST mode and then assigning a sequence number to the filter.

Configure filters with sequence number

To create a filter for packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:

Step  Command Syntax                            Command Mode   Purpose
1     ip access-list extended access-list-name  CONFIGURATION  Enter the IP ACCESS LIST mode by creating an extended IP ACL.

Note: On E-Series ExaScale systems, TCP ACL flags are not supported in standard or extended ACLs with IPv6 microcode. An error message is shown if IPv6 microcode is configured and an ACL is entered with a TCP filter included.
FTOS(conf-ipv6-acl)#seq 8 permit tcp any any urg
May 5 08:32:34: %E90MJ:0 %ACL_AGENT-2-ACL_AGENT_ENTRY_ERROR: Unable to write seq 8 of list test as individual TCP flags are not supported on linecard 0
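
Because filters are applied in sequence-number order, it helps when auditing an ACL to check which filter a given flow hits first. The following Python sketch is an added example, not part of the guide or of FTOS: it parses only the filter forms that appear in Figure 8-6, and the names parse_acl and evaluate are hypothetical. It assumes that the eq and range operators test the destination port and that a packet matching no filter is dropped.

```python
import ipaddress

# Constructed sample: the filters shown in Figure 8-6, in FTOS display syntax.
ACL_TEXT = """\
seq 10 deny tcp any any eq 111
seq 15 deny udp any any eq 111
seq 20 deny udp any any eq 2049
seq 25 deny udp any any eq 31337
seq 30 deny tcp any any range 12345 12346
seq 35 permit udp host 10.21.126.225 10.4.5.0 /28
seq 40 permit udp host 10.21.126.226 10.4.5.0 /28
seq 45 permit udp 10.8.0.0 /16 10.50.188.118 /31 range 1812 1813
seq 50 permit tcp 10.8.0.0 /16 10.50.188.118 /31 eq 49
seq 55 permit udp 10.15.1.0 /24 10.50.188.118 /31 range 1812 1813
"""

def _take_addr(tok):
    """Consume one address spec from tok: 'any', 'host A', or 'A /len'."""
    head = tok.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(head + tok.pop(0), strict=False)

def parse_acl(text):
    """Return filters as (seq, action, proto, src, dst, (lo, hi)), sorted by seq."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "seq":
            continue
        seq, action, proto, rest = int(tok[1]), tok[2], tok[3], tok[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        ports = (0, 65535)  # no port operator: any port matches
        if rest[:1] == ["eq"]:
            ports = (int(rest[1]), int(rest[1]))
        elif rest[:1] == ["range"]:
            ports = (int(rest[1]), int(rest[2]))
        rules.append((seq, action, proto, src, dst, ports))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, proto, src, dst, dport):
    """First match wins. Assumptions: port operators test the destination
    port, and a packet that matches no filter is dropped (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, r_proto, r_src, r_dst, (lo, hi) in rules:
        if r_proto == proto and s in r_src and d in r_dst and lo <= dport <= hi:
            return seq, action
    return None, "deny"
```

For example, UDP traffic from host 10.21.126.225 to 10.4.5.7 on port 111 is dropped by seq 15 before the permit in seq 35 is ever consulted, which is why a deny meant to override a broader permit must carry the lower sequence number.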










