Manualshelf

User guide

ManualsBrandsExtreme Networks ManualsComputer equipmentSummit Summit4
141142143144145146147148149150
142 ExtremeWare 7.2e Installation and User Guide
Security
Maximum Entries
If you try to create an access mask when no more are available, the system will issue a warning
message. Three access masks are constantly used by the system, leaving a maximum of 13
user-definable access masks. However, enabling some features causes the system to use additional
access masks, reducing the number available.
For each of the following features that you enable, the system will use one access mask. When the
feature is disabled, the mask will again be available. The features are:
RIP
IGMP or OSPF (both would share a single mask)
DiffServ examination
QoS monitor
The maximum number of access list allowed by the hardware is 254 for each block of eight
10/100 Mbps Ethernet ports and 126 for each Gbps Ethernet port, for a total of 1014 rules (254*3+126*2).
Most user entered access list commands will require multiple rules on the hardware. For example, a
global rule (an access control list using an access mask without “ports” defined), will require 5 rules,
one for each of the 5 blocks of ports on the hardware.
The maximum number of rate-limiting rules allowed is 315 (63*5). This number is part of the total
access control list rules (1014).
Deleting Access Mask, Access List, and Rate Limit Entries
Entries can be deleted from access masks, access lists, and rate limits. An access mask entry cannot be
deleted until all the access lists and rate limits that reference it are also deleted.
To delete an access mask entry, use the following command:
delete access-mask <name>
To delete an access list entry, use the following command:
delete access-list <name>
To delete a rate limit entry, use the following command:
delete rate-limit <name>
Verifying Access Control List Configurations
To verify access control list settings, you can view the access list configuration.
To view the access list configuration use the following command:
show access-list {<name> | port <portlist>}
To view the rate limit configuration use the following command:
show rate-limit {<name> | ports <portlist>}
To view the access mask configuration use the following command:
show access-mask {<name>}