Users Guide
Table Of Contents
- Dell EMC SmartFabric OS10 User Guide Release 10.5.0
- Contents
- 更改历史记录
- 系统
- CLI 基本信息
- CONFIGURATION 模式
- 检查设备状态
- 命令帮助
- 候选配置
- 复制正在运行的配置
- 还原启动配置
- 重新加载系统映像
- 筛选 show 命令
- 常见 OS10 命令
- boot
- commit
- configure
- copy
- delete
- dir
- discard
- do
- end
- exit
- hostname
- license
- lock
- management route
- move
- no
- ping
- ping6
- reload
- show boot
- show candidate-configuration
- show environment
- show inventory
- show ip management-route
- show ipv6 management-route
- show license status
- show running-configuration
- show startup-configuration
- show system
- show version
- start
- 系统
- system-cli disable
- system-user linuxadmin disable
- system identifier
- terminal
- traceroute
- unlock
- username password role
- write
- 高级 CLI 任务
- 零接触部署
- OS10 调配
- SmartFabric 服务
- SmartFabric Director
- 系统管理
- 系统横标
- 用户会话管理
- Telnet 服务器
- 简单网络管理协议
- 系统时钟
- 网络时间协议
- 动态主机配置协议
- 数据包格式和选项
- DHCP 服务器
- 自动地址分配
- 主机名称解析
- 手动绑定条目
- DHCP 中继代理
- 查看 DHCP 信息
- 系统域名和列表
- DHCP 侦听
- DHCP 命令
- DHCP 侦听命令
- arp inspection
- arp inspection-trust
- arp inspection violation logging
- clear ip arp inspection statistics
- clear ip dhcp snooping binding
- ip dhcp snooping(全局)
- ip dhcp snooping(接口)
- ip dhcp snooping binding
- ip dhcp snooping trust
- ip dhcp snooping verify mac-address
- show ip arp inspection database
- show ip arp inspection statistics
- show ip arp inspection logging
- show ip dhcp snooping binding
- DNS 命令
- IPv4 DHCP 限制
- 接口
- 以太网接口
- 统一端口组
- Z9264F-ON port-group profiles
- S5200F-ON 交换机上的端口组
- L2 模式配置
- L3 模式配置
- 光纤通道接口
- 管理接口
- VLAN 接口
- 用户配置的默认 VLAN
- VLAN 扩展配置文件
- 环回接口
- 端口通道接口
- 配置接口范围
- 交换机端口配置文件
- 在接口上配置协商模式
- 配置分解模式
- 分解自动配置
- 重置默认配置
- 转发纠错
- 节能以太网
- 查看接口配置
- 数字光学监控
- 接口命令
- channel-group
- default interface
- default vlan-id
- description (Interface)
- duplex
- enable dom
- enable dom traps
- feature auto-breakout
- fec
- interface breakout
- interface ethernet
- interface loopback
- interface mgmt
- interface null
- interface port-channel
- interface range
- interface vlan
- link-bundle-utilization
- mode
- mode l3
- mtu
- negotiation
- port mode Eth
- port-group
- profile
- scale-profile vlan
- show discovered-expanders
- show interface
- show interface transceiver “Tunable wavelength”
- show inventory media
- show link-bundle-utilization
- show port-channel summary
- show port-group
- show switch-port-profile
- show system
- show unit-provision
- show vlan
- shutdown
- speed(光纤通道)
- speed(管理)
- switch-port-profile
- switchport access vlan
- switchport mode
- switchport trunk allowed vlan
- unit-provision
- wavelength
- PowerEdge MX 以太网 I/O 模块
- 光纤通道
- 第 2 层
- 802.1X
- 远端故障检测
- 链路聚合控制协议
- 链路层发现协议
- 可选的 TLV
- 基本 TLV
- 组织特定的 TLV
- 介质端点查找
- 网络连接设备
- LLDP-MED 功能 TLV
- 网络策略 TLV
- 定义网络策略
- 数据包计时器值
- 禁用和启用 LLDP
- 在管理端口上禁用和启用 LLDP
- 通告 TLV
- 网络策略通告
- 快速启动重复计数
- 查看 LLDP 配置
- 相邻代理通告
- 生存时间
- VLT 域中的通告管理地址 TLV
- LLDP 命令
- clear lldp counters
- clear lldp table
- lldp enable
- lldp holdtime-multiplier
- lldp med fast-start-repeat-count
- lldp med
- lldp med network-policy
- lldp med network-policy (Interface)
- lldp med tlv-select
- lldp port-description-tlv advertise
- lldp receive
- lldp reinit
- lldp timer
- lldp tlv-select basic-tlv
- lldp management-addr-tlv virtual-ip
- lldp tlv-select dot1tlv
- lldp tlv-select dot3tlv
- lldp transmit
- lldp vlan-name-tlv allowed vlan
- show lldp interface
- show lldp errors
- show lldp med
- show lldp neighbors
- show lldp timers
- show lldp tlv-select interface
- show lldp traffic
- show nework-policy profile
- 介质访问控制
- 生成树协议
- EdgePort
- 生成树扩展
- 从 BPDU 防护违规中恢复
- MAC 刷新优化
- 调试配置
- 为快速状态转移设置生成树链接类型
- 常见的 STP 命令
- clear spanning-tree counters
- debug spanning-tree
- errdisable detect cause bpduguard
- errdisable recovery cause bpduguard
- errdisable recovery interval
- clear spanning-tree detected-protocol
- spanning-tree bpdufilter
- spanning-tree bpduguard
- spanning-tree disable
- spanning-tree guard
- spanning-tree link-type
- spanning-tree mac-flush-timer
- spanning-tree mode
- spanning-tree port
- show errdisable
- show spanning-tree interface
- Rapid per-VLAN spanning-tree plus
- 负载均衡和根选择
- 启用 RPVST+
- 选择根桥
- 根分配
- 全局参数
- RPVST+ 命令
- show spanning-tree vlan
- spanning-tree vlan cost
- spanning-tree vlan disable
- spanning-tree vlan forward-time
- spanning-tree vlan force-version
- spanning-tree vlan hello-time
- spanning-tree vlan mac-flush-threshold
- spanning-tree vlan max-age
- spanning-tree vlan priority
- spanning-tree vlan priority(接口)
- spanning-tree vlan root
- 快速生成树协议
- 多个生成树
- 配置 MSTP
- 创建实例
- 根选择
- 非 Dell EMC 硬件
- 区域名称或版本
- 修改参数
- 接口参数
- MST 命令
- instance
- name
- revision
- spanning-tree mst
- spanning-tree msti
- spanning-tree mst configuration
- spanning-tree mst disable
- spanning-tree mst force-version
- spanning-tree mst forward-time
- spanning-tree mst hello-time
- spanning-tree mst mac-flush-threshold
- spanning-tree mst max-age
- spanning-tree mst max-hops
- show spanning-tree mst
- show spanning-tree msti
- 虚拟 LAN
- 端口监控
- 第 3 层
- 虚拟路由和转发
- 双向转发检测
- 边界网关协议
- 会话和对等
- 路由反射器
- 多协议 BGP
- 属性
- 选择条件
- 权重和本地首选项
- 复合鉴别器
- 来源
- AS 路径和下一跳
- 最佳路径选择
- 更多路径支持
- 通告成本
- 4 字节 AS 编号
- AS 编号迁移
- 正常重新启动
- 配置边界网关协议
- 启用 BGP
- 禁用 ASN 值的通知
- 配置双堆栈
- 配置管理距离
- 对等模板
- 邻居故障切换
- 配置密码
- 快速外部故障切换
- 被动对等
- 本地 AS
- AS 编号限制
- 重新分发路由
- 其他路径
- MED 属性
- 本地首选项属性
- 权重属性
- 启用多路径
- 路由映射筛选器
- 路由反射器群集
- 聚合路由
- 联盟
- 路由抑制
- 计时器
- 邻居软重新配置
- 重新分发 iBGP 路由到 OSPF
- 调试 BGP
- BGP 命令
- activate
- add-path
- address-family
- advertisement-interval
- advertisement-start
- aggregate-address
- allowas-in
- always-compare-med
- as-notation
- bestpath as-path
- bestpath med
- bestpath router-id
- clear ip bgp
- clear ip bgp *
- clear ip bgp dampening
- clear ip bgp flap-statistics
- connection-retry-timer
- confederation
- client-to-client
- cluster-id
- bgp dampening
- debug ip bgp
- description
- default-metric
- default-originate
- distance bgp
- distribute-list
- bgp 默认本地-首选项
- ebgp-multihop
- enforce-first-as
- fall-over
- fast-external-fallover
- graceful-restart
- inherit template
- listen
- local-as
- log-neighbor-changes
- maximum-paths
- maximum-prefix
- neighbor
- next-hop-self
- non-deterministic-med
- outbound-optimization
- password
- redistribute
- remote-as
- remove-private-as
- route-map
- route-reflector-client
- router bgp
- router-id
- send-community
- sender-side-loop-detection
- show ip bgp
- show ip bgp dampened-paths
- show ip bgp flap-statistics
- show ip bgp ipv4 unicast
- show ip bgp ipv6 unicast
- show ip bgp neighbors
- show ip bgp peer-group
- show ip bgp summary
- show ip route
- show ipv6 route
- 软重新配置入站
- template
- timers
- vrf
- weight
- 同等成本多路径
- IPv4 路由
- IPv6 路由
- 启用或禁用 IPv6
- IPv6 地址
- 无状态自动配置
- 邻居查找
- 重复地址查找
- 静态 IPv6 路由
- IPv6 目标无法访问
- IPv6 逐跳选项
- 查看 IPv6 信息
- IPv6 命令
- clear ipv6 neighbors
- clear ipv6 route
- ipv6 address
- ipv6 address autoconfig
- ipv6 address dhcp
- ipv6 enable
- ipv6 address eui-64
- ipv6 address link-local
- ipv6 hop-by-hop
- ipv6 nd dad
- ipv6 nd hop-limit
- ipv6 nd managed-config-flag
- ipv6 nd max-ra-interval
- ipv6 nd mtu
- ipv6 nd other-config-flag
- ipv6 nd prefix
- ipv6 nd ra-lifetime
- ipv6 nd reachable-time
- ipv6 nd retrans-timer
- ipv6 nd send-ra
- ipv6 route
- ipv6 unreachables
- show ipv6 neighbors
- show ipv6 route
- show ipv6 interface brief
- 首先打开最短路径
- 自治系统区域
- 区域、网络和邻居
- 路由器类型
- 指定和备份指定的路由器
- 链路状态通告
- 路由器优先级
- 最短路径优先限制
- OSPFv2
- 启用 OSPFv2
- 在非默认 VRF 实例中启用 OSPFv2
- 分配路由器标识符
- 存根区域
- 被动接口
- 快速聚合
- 接口参数
- 重新分发路由
- 默认路由
- 摘要地址
- 正常重新启动
- OSPFv2 身份验证
- OSPFv2 故障处理
- 调试 OSPF
- OSPFv2 命令
- area default-cost
- area nssa
- area range
- area stub
- auto-cost reference-bandwidth
- clear ip ospf process
- clear ip ospf statistics
- debug ip ospfv2
- default-information originate
- default-metric
- fast-converge
- graceful-restart
- ip ospf area
- ip ospf authentication-key
- ip ospf cost
- ip ospf dead-interval
- ip ospf hello-interval
- ip ospf message-digest-key
- ip ospf mtu-ignore
- ip ospf network
- ip ospf passive
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- log-adjacency-changes
- max-metric router-lsa
- maximum-paths
- redistribute
- router-id
- router ospf
- show ip ospf
- show ip ospf asbr
- show ip ospf database
- show ip ospf database asbr-summary
- show ip ospf database external
- show ip ospf database network
- show ip ospf database nssa external
- show ip ospf database opaque-area
- show ip ospf database opaque-as
- show ip ospf database opaque-link
- show ip ospf database router
- show ip ospf database summary
- show ip ospf interface
- show ip ospf routes
- show ip ospf statistics
- show ip ospf topology
- summary-address
- timers lsa arrival
- timers spf
- timers throttle lsa all
- OSPFv3
- 启用 OSPFv3
- 在非默认 VRF 实例中启用 OSPFv3
- 分配路由器 ID
- 配置存根区域
- 启用被动接口
- 接口 OSPFv3 参数
- 默认路由
- OSPFv3 IPsec 身份验证和加密
- OSPFv3 故障处理
- OSPFv3 命令
- area authentication
- area encryption
- area stub
- auto-cost reference-bandwidth
- clear ipv6 ospf process
- clear ipv6 ospf statistics
- debug ip ospfv3
- default-information originate
- ipv6 ospf area
- ipv6 ospf authentication
- ipv6 ospf cost
- ipv6 ospf dead-interval
- ipv6 ospf encryption
- ipv6 ospf hello-interval
- ipv6 ospf network
- ipv6 ospf passive
- ipv6 ospf priority
- log-adjacency-changes
- maximum-paths
- redistribute
- router-id
- router ospfv3
- show ipv6 ospf
- show ipv6 ospf database
- show ipv6 ospf interface
- show ipv6 ospf neighbor
- show ipv6 ospf statistics
- timers spf (OSPFv3)
- 对象跟踪管理器
- 基于策略的路由
- 虚拟路由器冗余协议
- 多播
- 重要事项
- 配置多播路由
- 未知的多播泛洪控制
- 多播命令
- 互联网组管理协议
- 标准合规性
- 重要事项
- 支持的 IGMP 版本
- 查询间隔
- 最后成员查询间隔
- 最长响应时间
- IGMP 即时离开
- 选择 IGMP 版本
- 查看已启用 IGMP 的接口和组
- IGMP 侦听
- IGMP 命令
- clear ip igmp groups
- ip igmp immediate-leave
- ip igmp last-member-query-interval
- ip igmp query-interval
- ip igmp query-max-resp-time
- ip igmp snooping enable
- ip igmp snooping
- ip igmp snooping fast-leave
- ip igmp snooping last-member-query-interval
- ip igmp snooping mrouter
- ip igmp snooping querier
- ip igmp snooping query-interval
- ip igmp snooping query-max-resp-time
- ip igmp version
- show ip igmp groups
- show ip igmp interface
- show ip igmp snooping groups
- show ip igmp snooping interface
- show ip igmp snooping mrouter
- 多播侦听器发现协议
- MLD 侦听
- MLD 侦听命令
- ipv6 mld snooping
- ipv6 mld snooping enable
- ipv6 mld snooping fast-leave
- ipv6 mld snooping last-member-query-interval
- ipv6 mld snooping mrouter
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld query-max-resp-time
- ipv6 mld version
- show ipv6 mld snooping groups
- show ipv6 mld snooping groups detail
- show ipv6 mld snooping interface
- show ipv6 mld snooping mrouter
- 协议独立多播
- PIM 术语
- 标准合规性
- PIM-SM
- PIM-SSM
- 为 S、G 条目配置到期计时器
- Configure static rendezvous point
- 使用 BSR 机制配置动态 RP
- 配置指定的路由器优先级
- PIM 命令
- clear ip pim tib
- ip multicast-routing
- ip pim bsr-candidate
- ip pim bsr-candidate-timers
- ip pim bsr-timeout
- ip pim dr-priority
- ip pim query-interval
- ip pim rp-address
- ip pim rp-candidate
- ip pim rp-candidate-timers
- ip pim sparse-mode
- ip pim sparse-mode sg-expiry-timer
- ip pim ssm-range
- show ip pim bsr-router
- show ip pim interface
- show ip pim mcache
- show ip pim neighbor
- show ip pim rp
- show ip pim ssm-range
- show ip pim summary
- show ip pim tib
- show ip rpf
- PIM-SM 示例配置
- PIM-SSM 示例配置
- 多播 VRF 配置示例
- VLT 多播路由
- VXLAN
- VXLAN 概念
- VXLAN 即 NVO 解决方案
- 配置 VXLAN
- L3 VXLAN 路由扩展
- VTEP 上的 DHCP 中继
- 查看 VXLAN 配置
- VXLAN MAC 地址
- VXLAN 命令
- hardware overlay-routing-profile
- interface virtual-network
- ip virtual-router address
- ip virtual-router mac-address
- member-interface
- nve
- remote-vtep
- show hardware overlay-routing-profile mode
- show interface virtual-network
- show nve remote-vtep
- show nve remote-vtep counters
- show nve vxlan-vni
- show virtual-network
- show virtual-network counters
- show virtual-network interface counters
- show virtual-network interface
- show virtual-network vlan
- show vlan (virtual network)
- source-interface loopback
- virtual-network
- virtual-network untagged-vlan
- vxlan-vni
- VXLAN MAC 命令
- clear mac address-table dynamic nve remote-vtep
- clear mac address-table dynamic virtual-network
- show mac address-table count extended
- show mac address-table count nve
- show mac address-table count virtual-network
- show mac address-table extended
- show mac address-table nve
- show mac address-table virtual-network
- 示例:VXLAN 和静态 VTEP
- BGP EVPN for VXLAN
- 控制器调配的 VXLAN
- UFT 模式
- 安全性
- AAA 身份验证
- 用户重新身份验证
- 密码强度
- 简单密码检查
- 隐匿密码
- 基于角色的访问控制
- 分配用户角色
- 引导加载程序保护
- Linux 管理员用户配置
- AAA 身份验证
- RADIUS 身份验证
- RADIUS over TLS 身份验证
- TACACS+ 身份验证
- 未知用户角色
- SSH 服务器
- 虚拟终端行 ACL
- 限制 SNMP 访问
- 启用 AAA 核算
- 启用用户锁定
- 限制并发登录会话
- 启用登录统计信息
- 权限级别
- 审核日志
- 安全命令
- aaa accounting
- aaa authentication login
- aaa re-authenticate enable
- boot protect disable username
- boot protect enable username password
- clear logging audit
- crypto ssh-key generate
- disable
- enable
- enable password priv-lvl
- ip access-class
- ip radius source-interface
- ip tacacs source-interface
- ipv6 access-class
- ip ssh server challenge-response-authentication
- ip ssh server cipher
- ip ssh server enable
- ip ssh server hostbased-authentication
- ip ssh server kex
- ip ssh server mac
- ip ssh server password-authentication
- ip ssh server port
- ip ssh server pubkey-authentication
- ip ssh server vrf
- line vty
- logging audit enable
- login concurrent-session limit
- login-statistics enable
- mac address-table static
- password-attributes
- password-attributes max-retry lockout-period
- privilege
- radius-server host
- radius-server host tls
- radius-server retransmit
- radius-server timeout
- radius-server vrf
- service obscure-password
- service simple-password
- show boot protect
- show crypto ssh-key
- show ip ssh
- show mac address-table count
- show logging audit
- show login-statistics
- show privilege
- show running-configuration privilege
- show users
- system-user linuxadmin disable
- system-user linuxadmin password
- tacacs-server host
- tacacs-server timeout
- tacacs-server vrf
- username password role
- username sshkey
- username sshkey filename
- userrole inherit
- X.509v3 证书
- X.509v3 概念
- 公钥基础设施
- 管理 CA 证书
- 证书吊销
- 请求并安装主机证书
- 自签名证书
- 安全配置文件
- 群集安全
- X.509v3 命令
- certificate
- cluster security-profile
- crypto ca-cert delete
- crypto ca-cert install
- crypto cdp add
- crypto cdp delete
- crypto cert delete
- crypto cert generate
- crypto cert install
- crypto crl delete
- crypto crl install
- crypto fips enable
- crypto security-profile
- peer-name-check
- revocation-check
- show crypto ca-certs
- show crypto cdp
- show crypto cert
- show crypto crl
- 示例:使用 X.509v3 证书配置 RADIUS over TLS
- OpenFlow
- 访问控制列表
- IP ACL
- MAC ACL
- 控制平面 ACL
- IP 片段处理
- L3 ACL 规则
- 为筛选器分配序列号
- 删除 ACL 规则
- L2 和 L3 ACL
- 分配和应用 ACL 筛选器
- 入口 ACL 筛选器
- 出口 ACL 筛选器
- VTY ACL
- SNMP ACL
- 清除访问列表计数器
- IP 前缀列表
- 路由映射
- 匹配路由
- 设置条件
- Continue 子句
- 基于 ACL 流的监控
- 启用基于流的监控
- 查看 ACL 表利用率报告
- ACL 日志记录
- ACL 命令
- clear ip access-list counters
- clear ipv6 access-list counters
- clear mac access-list counters
- deny
- deny (IPv6)
- deny (MAC)
- deny icmp
- deny icmp (IPv6)
- deny ip
- deny ipv6
- deny tcp
- deny tcp (IPv6)
- deny udp
- deny udp (IPv6)
- description
- ip access-group
- ip access-list
- ip as-path access-list
- ip community-list standard deny
- ip community–list standard permit
- ip extcommunity-list standard deny
- ip extcommunity-list standard permit
- ip prefix-list description
- ip prefix-list deny
- ip prefix-list permit
- ip prefix-list seq deny
- ip prefix-list seq permit
- ipv6 access-group
- ipv6 access-list
- ipv6 prefix-list deny
- ipv6 prefix-list description
- ipv6 prefix-list permit
- ipv6 prefix-list seq deny
- ipv6 prefix-list seq permit
- mac access-group
- mac access-list
- permit
- permit (IPv6)
- permit (MAC)
- permit icmp
- permit icmp (IPv6)
- permit ip
- permit ipv6
- permit tcp
- permit tcp (IPv6)
- permit udp
- permit udp (IPv6)
- remark
- seq deny
- seq deny (IPv6)
- seq deny (MAC)
- seq deny icmp
- seq deny icmp (IPv6)
- seq deny ip
- seq deny ipv6
- seq deny tcp
- seq deny tcp (IPv6)
- seq deny udp
- seq deny udp (IPv6)
- seq permit
- seq permit (IPv6)
- seq permit (MAC)
- seq permit icmp
- seq permit icmp (IPv6)
- seq permit ip
- seq permit ipv6
- seq permit tcp
- seq permit tcp (IPv6)
- seq permit udp
- seq permit udp (IPv6)
- show access-group
- show access-lists
- show acl-table-usage detail
- show ip as-path-access-list
- show ip community-list
- show ip extcommunity-list
- show ip prefix-list
- 显示日志记录访问列表
- 路由映射命令
- continue
- match as-path
- match community
- match extcommunity
- match interface
- match ip address
- match ip next-hop
- match ipv6 address
- match ipv6 next-hop
- match metric
- match origin
- match route-type
- match tag
- route-map
- set comm-list add
- set comm-list delete
- set community
- set extcomm-list add
- set extcomm-list delete
- set extcommunity
- set local-preference
- set metric
- set metric-type
- set next-hop
- set origin
- set tag
- set weight
- show route-map
- 服务质量
- 配置服务质量
- 入口流量类别
- 出口流量类别
- 监察流量
- 标记流量
- 颜色流量
- 修改数据包字段
- 整形流量
- 带宽分配
- 严格优先级队列
- 速率调整
- 缓冲区管理
- 拥塞规避
- 风暴控制
- RoCE 实现更快的访问和无损连接
- 端口到端口管道和 MMU 映射
- QoS 命令
- bandwidth
- buffer-statistics-tracking
- class
- class-map
- clear qos statistics
- clear qos statistics type
- control-plane
- control-plane-buffer-size
- flowcontrol
- hardware deep-buffer-mode
- match
- match cos
- match dscp
- match precedence
- 匹配队列
- match vlan
- mtu
- pause
- pfc-cos
- pfc-max-buffer-size
- pfc-shared-buffer-size
- pfc-shared-headroom-buffer-size
- police
- policy-map
- priority
- priority-flow-control mode
- qos-group dot1p
- qos-group dscp
- qos-map traffic-class
- qos-rate-adjust
- queue-limit
- queue bandwidth
- queue qos-group
- queue qos-group (Z9332F-ON)
- random-detect (interface)
- random-detect (queue)
- random-detect color
- random-detect ecn
- random-detect ecn
- random-detect pool
- random-detect weight
- service-policy
- set cos
- set dscp
- set qos-group
- shape
- show class-map
- show control-plane buffers
- show control-plane buffer-stats
- show control-plane info
- show control-plane statistics
- show hardware deep-buffer-mode
- show interface priority-flow-control
- show qos interface
- show policy-map
- show qos control-plane
- show qos egress buffers interface
- show qos egress buffer-statistics-tracking
- show qos egress buffer-stats interface
- show qos headroom-pool buffer-statistics-tracking
- show qos ingress buffers interface
- show qos ingress buffer-statistics-tracking
- show qos ingress buffer-stats interface
- show qos maps
- show qos maps (Z9332F-ON)
- show qos port-map details
- show qos-rate-adjust
- show qos service-pool buffer-statistics-tracking
- show qos system
- show qos system buffers
- show qos wred-profile
- show queuing statistics
- system qos
- trust dot1p-map
- trust dscp-map
- trust-map
- wred
- 虚拟链路中继
- 术语
- VLT 域
- VLT 互连
- 正常 LACP 和 VLT
- 配置 VLT
- 配置 VRRP 主动-主动模式
- 通过 eVLT 在数据中心之间迁移虚拟机
- 查看 VLT 信息
- VLT 命令
- backup destination
- delay-restore
- discovery-interface
- peer-routing
- peer-routing-timeout
- primary-priority
- show running-configuration vlt
- show spanning-tree virtual-interface
- show vlt
- show vlt backup-link
- show vlt mac-inconsistency
- show vlt mismatch
- show vlt role
- show vlt vlt-port-detail
- vlt-domain
- vlt-port-channel
- vlt-mac
- vrrp mode active-active
- 上行链路故障检测
- 聚合数据中心服务
- sFlow
- 遥测
- RESTCONF API
- OS10 故障处理
- 诊断工具
- 恢复 Linux 密码
- 恢复 OS10 用户名密码
- 还原出厂默认设置
- SupportAssist
- 支持套装
- 系统监控
- 登录 OS10 设备
- 常见问题
- 支持资源
分配和应用 ACL 筛选器
要筛选以太网接口、端口通道接口或 VLAN,请将 IP ACL 筛选器分配给相应的接口。IP ACL 适用于进入物理、端口通道或
VLAN 接口的所有流量。流量可以随 ACL 筛选器中配置的条件和操作进行转发或丢弃。
要更改 ACL 筛选器功能,请将相同的 ACL 筛选器应用到不同的接口。例如,获取 ACL“ABCD”并使用 in 关键字进行应用,它
将成为入口 ACL。如果使用 out 关键字应用相同的 ACL 筛选器,则它将成为出口 ACL。
您可以将 IP ACL 筛选器应用到物理、端口通道或 VLAN 接口。允许的 ACL 筛选器数量与硬件相关。
1. 在 CONFIGURATION 模式下输入接口信息。
interface ethernet node/slot/port
2. 在 INTERFACE 模式下配置接口的 IP 地址,将其置于 L3 模式。
ip address ip-address
3. 在 INTERFACE 模式下,将 IP ACL 筛选器应用于进入或退出接口的流量。
ip access-group access-list-name {in | out}
配置 IP ACL
OS10(config)# interface ethernet 1/1/28
OS10(conf-if-eth1/1/28)# ip address 10.1.2.0/24
OS10(conf-if-eth1/1/28)# ip access-group abcd in
查看应用到接口的 ACL 筛选器
OS10# show ip access-lists in
Ingress IP access-list acl1
Active on interfaces :
ethernet1/1/28
seq 10 permit ip host 10.1.1.1 host 100.1.1.1 count (0 packets)
seq 20 deny ip host 20.1.1.1 host 200.1.1.1 count (0 packets)
seq 30 permit ip 10.1.2.0/24 100.1.2.0/24 count (0 packets)
seq 40 deny ip 20.1.2.0/24 200.1.2.0/24 count (0 packets)
seq 50 permit ip 10.0.3.0 255.0.255.0 any count (0 packets)
seq 60 deny ip 20.0.3.0 255.0.255.0 any count (0 packets)
seq 70 permit tcp any eq 1000 100.1.4.0/24 eq 1001 count (0 packets)
seq 80 deny tcp any eq 2100 200.1.4.0/24 eq 2200 count (0 packets)
seq 90 permit udp 10.1.5.0/28 eq 10000 any eq 10100 count (0 packets)
seq 100 deny tcp host 20.1.5.1 any rst psh count (0 packets)
seq 110 permit tcp any any fin syn rst psh ack urg count (0 packets)
seq 120 deny icmp 20.1.6.0/24 any fragment count (0 packets)
seq 130 permit 150 any any dscp 63 count (0 packets)
要查看与 ACL 匹配的数据包数,请在创建 ACL 条目时使用 count 选项。
● 将规则与计数选项配合使用以创建 ACL,请参阅为筛选器分配序列号。
● 将 ACL 应用为 CONFIGURATION 模式下的接口上的入站或出站 ACL,并查看与 ACL 匹配的数据包数量。
show ip access-list {in | out}
入口 ACL 筛选器
要创建入口 ACL 筛选器,请在 EXEC 模式下使用 ip access-group 命令。要配置入口,请使用 in 关键字。使用 ip
access-list acl-name 命令将规则应用于 ACL。要查看访问列表,请使用 show access-lists 命令。
1. 在 INTERFACE 模式下,在接口上应用入口访问列表。
ip access-group access-group-name in
998
储储控制列表