Web Management Guide-R05
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Web Configuration
- Using the Web Interface
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Configuring CPU Guard
- Displaying Memory Utilization
- Resetting the System
- Using Cloud Management
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA (Authentication, Authorization and Accounting)
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- DHCP Snooping
- IPv4 Source Guard
- ARP Inspection
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Setting Community Access Strings
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Switch Clustering
- Setting a Time Range
- LBD Configuration
- Smart Pair Configuration
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query for IPv4)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering IGMP Query Packets and Multicast Data
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Filtering and Throttling MLD Groups
- Filtering MLD Query Packets on an Interface
- IP Tools
- IP Configuration
- General IP Routing
- Unicast Routing
- Overview
- Configuring the Routing Information Protocol
- Configuring General Protocol Settings
- Clearing Entries from the Routing Table
- Specifying Network Interfaces
- Specifying Passive Interfaces
- Specifying Static Neighbors
- Configuring Route Redistribution
- Specifying an Administrative Distance
- Configuring Network Interfaces for RIP
- Displaying RIP Interface Settings
- Displaying Peer Router Information
- Resetting RIP Statistics
- IP Services
- Appendices
- Glossary
- Index
Chapter 12
| Security Measures
Access Control Lists
– 280 –
3. If the result of checking an IP ACL is to permit a packet, but the result of a MAC
ACL on the same packet is to deny it, the packet will be denied (because the
decision to deny a packet has a higher priority for security reasons). A packet
will also be denied if the IP ACL denies it and the MAC ACL accepts it.
Showing
TCAM Utilization
Use the Security > ACL (Configure ACL - Show TCAM) page to show utilization
parameters for TCAM (Ternary Content Addressable Memory), including the
number policy control entries in use, the number of free entries, and the overall
percentage of TCAM in use.
Command Usage
Policy control entries (PCEs) are used by various system functions which rely on
rule-based searches, including Access Control Lists (ACLs), IP Source Guard filter
rules, Quality of Service (QoS) processes, QinQ, MAC-based VLANs, VLAN
translation, or traps.
For example, when binding an ACL to a port, each rule in an ACL will use two PCEs;
and when setting an IP Source Guard filter rule for a port, the system will also use
two PCEs.
Parameters
These parameters are displayed:
◆ Pool Capability Code – Abbreviation for processes shown in the TCAM List.
◆ Unit – Stack unit identifier.
◆ Device – Memory chip used for indicated pools.
◆ Pool – Rule slice (or call group). Each slice has a fixed number of rules that are
used for the specified features.
◆ Tota l – The maximum number of policy control entries allocated to the each
pool.
◆ Used – The number of policy control entries used by the operating system.
◆ Free – The number of policy control entries available for use.
◆ Capability – The processes assigned to each pool.
Web Interface
To show information on TCAM utilization:
1. Click Security, ACL.
2. Select Configure ACL from the Step list.
3. Select Show TCAM from the Action list.