GS-4210-Series (V2) User Manual
Table Of Contents
- Chapter 1 COMMAND LINE INTERFACE
- Chapter 2 CONSOLE CLI MANAGEMENT
- Chapter 3 TELNET CLI MANAGEMENT
- Chapter 4 Commands for CLI Configuration
- 4.1 802.1x
- 4.1.1 dot1x
- 4.1.2 dot1x authentication
- 4.1.3 dot1x reauthentication
- 4.1.4 dot1x timeout reauth-period
- 4.1.5 dot1x timeout quiet-period
- 4.1.6 dot1x timeout supp-timeout
- 4.1.7 dot1x max-req
- 4.1.8 dot1x guest-vlan
- 4.1.9 dot1x guest-vlan
- 4.1.10 show dot1x
- 4.1.11 show dot1x authenticated-hosts
- 4.1.12 show dot1x interface
- 4.1.13 show dot1x guest-vlan
- 4.2 AAA
- 4.2.1 aaa authentication
- 4.2.2 login authentication
- 4.2.3 ip http login authentication
- 4.2.4 enable authentication
- 4.2.5 show aaa authentication
- 4.2.6 show line lists
- 4.2.7 tacacs default-config
- 4.2.8 tacacs host
- 4.2.9 show tacacs default-config
- 4.2.10 show tacacs
- 4.2.11 radius default-config
- 4.2.12 radius host
- 4.2.13 show radius default-config
- 4.2.14 show radius
- 4.3 ACL
- 4.4 Administration
- 4.4.1 enable
- 4.4.2 exit
- 4.4.3 configure
- 4.4.4 interface
- 4.4.5 line
- 4.4.6 end
- 4.4.7 reboot
- 4.4.8 system name
- 4.4.9 system contact
- 4.4.10 system location
- 4.4.11 username
- 4.4.12 enable password
- 4.4.13 ip address
- 4.4.14 ip default-gateway
- 4.4.15 ip dns
- 4.4.16 ip dhcp
- 4.4.17 ipv6 autoconfig
- 4.4.18 ipv6 address
- 4.4.19 ipv6 default-gateway
- 4.4.20 ipv6 dhcp
- 4.4.21 ip service
- 4.4.22 ip session-timeout
- 4.4.23 exec-timeout
- 4.4.24 password-thresh
- 4.4.25 silent-time
- 4.4.26 history
- 4.4.27 clear service
- 4.4.28 ssl
- 4.4.29 ping
- 4.4.30 traceroute
- 4.4.31 clear arp
- 4.4.32 show version
- 4.4.33 show info
- 4.4.34 show history
- 4.4.35 show username
- 4.4.36 show ip
- 4.4.37 show ip dhcp
- 4.4.38 show ipv6
- 4.4.39 show ipv6 dhcp
- 4.4.40 show line
- 4.5 Cable Diagnostics
- 4.6 DHCP Snooping
- 4.6.1 Ip dhcp snooping
- 4.6.2 ip dhcp snooping vlan
- 4.6.3 ip dhcp snooping trust
- 4.6.4 ip dhcp snooping verify
- 4.6.5 ip dhcp snooping limit rate
- 4.6.6 clear ip dhcp snooping statistics
- 4.6.7 show ip dhcp snooping
- 4.6.8 show ip dhcp snooping interface
- 4.6.9 show ip dhcp snooping binding
- 4.6.10 ip dhcp snooping option
- 4.6.11 ip dhcp snooping option action
- 4.6.12 ip dhcp snooping option circuit-id
- 4.6.13 ip dhcp snooping option remote-id
- 4.6.14 show ip dhcp snooping option
- 4.6.15 ip dhcp snooping database
- 4.6.16 ip dhcp snooping database write-deley
- 4.6.17 ip dhcp snooping database timeout
- 4.6.18 clear ip dhcp snooping database statistics
- 4.6.19 renew ip dhcp snooping database
- 4.6.20 show ip dhcp snooping database
- 4.7 DoS
- 4.8 Dynamic ARP Inspection
- 4.9 GVRP
- 4.10 IGMP Snooping
- 4.10.1 Ip igmp snooping
- 4.10.2 ip igmp snooping report-suppression
- 4.10.3 ip igmp snooping version
- 4.10.4 ip igmp snooping unknown-multicast action
- 4.10.5 ip igmp snooping forward-method
- 4.10.6 ip igmp snooping querier
- 4.10.7 ip igmp snooping vlan
- 4.10.8 ip igmp snooping vlan parameters
- 4.10.9 ip igmp snooping static port
- 4.10.10 ip igmp snooping vlan static router port
- 4.10.11 ip igmp snooping static group
- 4.10.12 ip igmp profile
- 4.10.13 ip igmp filter
- 4.10.14 ip igmp max-group
- 4.10.15 clear ip igmp snooping groups
- 4.10.16 clear ip igmp snooping statistics
- 4.10.17 show ip igmp snooping counters
- 4.10.18 show ip igmp snooping groups
- 4.10.19 show ip igmp snooping router
- 4.10.20 show ip igmp snooping querier
- 4.10.21 show ip igmp snooping
- 4.10.22 show ip igmp snooping vlan
- 4.10.23 show ip igmp snooping forward-all
- 4.10.24 show ip igmp profile
- 4.10.25 show ip igmp port filter
- 4.10.26 show ip igmp port max-group
- 4.10.27 show ip igmp port max-group action
- 4.11 IP Source Guard
- 4.12 Link Aggregation
- 4.13 LLDP
- 4.13.1 lldp
- 4.13.2 lldp tx-interval
- 4.13.3 lldp reinit-delay
- 4.13.4 lldp holdtime-multiplier
- 4.13.5 lldp tx-delay
- 4.13.6 lldp tlv-select
- 4.13.7 lldp tlv-select pvid
- 4.13.8 lldp tlv-select vlan-name
- 4.13.9 lldp lldpdu
- 4.13.10 lldp tx/rx
- 4.13.11 lldp med
- 4.13.12 lldp med tlv-select
- 4.13.13 lldp med fast-start-report-count
- 4.13.14 lldp med network-policy
- 4.13.15 lldp med network-policy add | remove
- 4.13.16 lldp med network-policy auto
- 4.13.17 lldp med location
- 4.13.18 show lldp
- 4.13.19 show lldp local-device
- 4.13.20 show lldp neighbor
- 4.13.21 show lldp med
- 4.13.22 show lldp statistics
- 4.13.23 show lldp tlv-overloading
- 4.14 Logging
- 4.15 MAC Address Table
- 4.16 Mirror
- 4.17 MLD Snooping
- 4.17.1 ipv6 mld snooping
- 4.17.2 ipv6 mld snooping report-suppression
- 4.17.3 ipv6 mld snooping version
- 4.17.4 ipv6 mld snooping vlan
- 4.17.5 ipv6 mld snooping vlan parameters
- 4.17.6 ipv6 mld snooping vlan static-port
- 4.17.7 ipv6 mld snooping vlan static-router-port
- 4.17.8 ipv6 mld snooping vlan static-group
- 4.17.9 ipv6 mld profile
- 4.17.10 ipv6 mld filter
- 4.17.11 ipv6 mld max-groups
- 4.17.12 clear ipv6 mld snooping groups
- 4.17.13 clear ipv6 mld snooping statistics
- 4.17.14 show ipv6 mld snooping groups counters
- 4.17.15 show ipv6 mld snooping groups
- 4.17.16 show ipv6 mld snooping router
- 4.17.17 show ipv6 mld snooping
- 4.17.18 show ipv6 mld snooping vlan
- 4.17.19 show ipv6 mld snooping forward-all
- 4.17.20 show ipv6 mld profile
- 4.17.21 show ipv6 mld filter
- 4.17.22 show ipv6 mld max-group
- 4.17.23 show ipv6 mld max-group action
- 4.18 Port Security
- 4.19 Port Error Disable
- 4.20 Port
- 4.21 QoS
- 4.22 Rate Limit
- 4.23 RMON
- 4.24 SNMP
- 4.24.1 snmp
- 4.24.2 snmp trap
- 4.24.3 snmp view
- 4.24.4 snmp access group
- 4.24.5 snmp community
- 4.24.6 snmp user
- 4.24.7 snmp engineID
- 4.24.8 snmp host
- 4.24.9 show snmp
- 4.24.10 show snmp trap
- 4.24.11 show snmp view
- 4.24.12 show snmp group
- 4.24.13 show snmp community
- 4.24.14 show snmp host
- 4.24.15 show snmp user
- 4.24.16 show snmp engineid
- 4.25 Storm Control
- 4.26 Spanning Tree
- 4.26.1 spanning-tree
- 4.26.2 spanning-tree bpdu
- 4.26.3 spanning-tree mode
- 4.26.4 spanning-tree priority
- 4.26.5 spanning-tree hello-time
- 4.26.6 spanning-tree max-hops
- 4.26.7 spanning-tree forward-delay
- 4.26.8 spanning-tree maximum-age
- 4.26.9 spanning-tree tx-hold-count
- 4.26.10 spanning-tree pathcost method
- 4.26.11 spanning-tree port-priority
- 4.26.12 spanning-tree cost
- 4.26.13 spanning-tree edge
- 4.26.14 spanning-tree bpdu-filter
- 4.26.15 spanning-tree bpdu-guard
- 4.26.16 spanning-tree link-type
- 4.26.17 spanning-tree mst configuration
- 4.26.18 spanning-tree mst priority
- 4.26.19 spanning-tree mst cost
- 4.26.20 spanning-tree mst port-priority
- 4.27 System File
- 4.28 Time
- 4.29 VLAN
- 4.29.1 vlan
- 4.29.2 vlan name
- 4.29.3 switchport mode
- 4.29.4 switchport hybrid pvid
- 4.29.5 switchport hybrid ingress-filtering
- 4.29.6 switchport hybrid acceptable-frame-type
- 4.29.7 switchport hybrid allowed vlan add
- 4.29.8 switchport hybrid allowed vlan remove
- 4.29.9 switchport access vlan
- 4.29.10 switchport tunnel vlan
- 4.29.11 switchport trunk native vlan
- 4.29.12 switchport trunk allowed vlan
- 4.29.13 switchport default-vlan tagged
- 4.29.14 switchport forbidden default-vlan
- 4.29.15 switchport forbidden vlan
- 4.29.16 management-vlan
- 4.29.17 show management-vlan
- 4.29.18 protocol-vlan group
- 4.29.19 protocol vlan binding
- 4.29.20 show protocol vlan group
- 4.29.21 show protocol vlan interfaces
- 4.30 Voice VLAN
- 4.1 802.1x
Command Guide of GS-4210 Series
52
Parameter:
<1-2147483647>
(Optional) Specify sequence index of ACE, the sequence index represent the priority of
an ACE in ACL.
(A:B:C:D:E:F/A:B:C
:D:E:F|any)
Specify the source MAC address and mask of packet or any MAC address.
(A:B:C:D:E:F/A:B:C
:D:E:F|any)
Specify the destination MAC address and mask of packet or any MAC address
[vlan <1-4094>]
(Optional) Specify the vlan ID of packet.
[cos <0-7> <0-7>]
(Optional) Specify the Class of Service value and mask of packet.
[ethtype
<1501-65535>]
(Optional) Specify Ethernet protocol number of packet
Mode:
MAC ACL Configuration
Usage Guide:
Use the permit command to add permit conditions for a mac ACE that bypass those packets hit the ACE. The
“sequence” also represents hit priority when ACL bind to an interface. An ACE not specifies “sequence” index would
assign a sequence index which is the largest existed index plus 20. If packet content can match more than one ACE,
the lowest sequence ACE is hit. An ACE can not be added if has the same conditions as existed ACE.
Example:
The example shows how to add an ACE that permit packets with source MAC address 22:33:44:55:66:77 、VLAN 3
and Ethernet type 1999. You can verify settings by the following show acl command
Switch(config)# mac acl test
Switch(mac-al)# sequence 999 permit 22:33:44:55:66:77/FF:FF:FF:FF:FF:FF any vlan
3 ethtype 1999
Switch(mac-al)# show acl
MAC access list test
sequence 999 permit 22:33:44:55:66:77/FF:FF:FF:FF:FF:FF any vlan 3 ethtype 1999
4.3.3 deny (MAC)
Command:
[sequence <1-2147483647>] deny (A:B:C:D:E:F/A:B:C:D:E:F|any)
(A:B:C:D:E:F/A:B:C:D:E:F|any) [vlan <1-4094>] [cos <0-7> <0-7>] [ethtype
<1501-65535>] [shutdown]