Cisco Sg3008 Manual

Page 511

Security: SSH Server
SSH Server Configuration Pages
473 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
23 

Page 512

Access Control
The Access Control List (ACL) feature is part of the security mechanism. ACL 
definitions serve as one of the mechanisms to define traffic flows that are given a 
specific Quality of Service (QoS). For more information see Quality of Service.
ACLs enable network managers to define patterns (filter and actions) for ingress 
traffic. Packets, entering the device on a port or LAG with...

Page 513

Access Control Lists
When a packet matches an ACE filter, the ACE action is taken and that ACL 
processing is stopped. If the packet does not match the ACE filter, the next ACE is 
processed. If all ACEs of an ACL have been processed without finding a match, 
and if another ACL exists, it is processed in a similar manner. 
NOTE: If no match is found to any ACE in all relevant ACLs, the...

Page 514

Creating ACLs Workflow
To create ACLs and associate them with an interface, perform the following:
1. Create one or more of the following types of ACLs:
a. MAC-based ACL by using the MAC Based ACL page and the MAC Based 
ACE page
b. IP-based ACL by using the IPv4 Based ACL page and the IPv4 Based ACE 
page
c. IPv6-based ACL by using the IPv6 Based ACL page...

Page 515

Defining MAC-based ACLs
MAC-based ACLs are defined in the MAC Based ACL page. The rules are defined 
in the MAC Based ACE page.
To define a MAC-based ACL:
STEP 1 Click Access Control > MAC-Based ACL.
This page contains a list of all currently-defined MAC-based ACLs.
STEP 2 Click Add.
STEP 3 Enter the name of the new ACL in the ACL Name field. ACL names are 
case-sensitive.
STEP...

Page 516

• Time Range—Select to enable limiting the use of the ACL to a specific time 
range.
• Time Range Name—If Time Range is selected, select the time range to be 
used. Time ranges are defined in the Time Range section.
• Destination MAC Address—Select Any if all destination addresses are 
acceptable or User defined to enter a destination address or a range of...

Page 517

IPv4-based ACLs
IPv4-based ACLs are used to check IPv4 packets, while other types of frames, 
such as ARPs, are not checked.
The following fields can be matched:
• IP protocol (by name for well-known protocols, or directly by value) 
• Source/destination ports for TCP/UDP traffic 
• Flag values for TCP frames 
• ICMP and IGMP type and code 
• Source/destination IP...

Page 518

Adding Rules (ACEs) to an IPv4-Based ACL
NOTE: Each IPv4-based rule consumes one TCAM rule. Note that the TCAM allocation is 
performed in couples, such that, for the first ACE, 2 TCAM rules are allocated and 
the second TCAM rule is allocated to the next ACE, and so forth.
To add rules (ACEs) to an IPv4-based ACL:
STEP 1 Click Access Control > IPv4-Based ACE.
STEP...

Page 519

- EGP—Exterior Gateway Protocol
- IGP—Interior Gateway Protocol
- UDP—User Datagram Protocol
- HMP—Host Mapping Protocol
- RDP—Reliable Datagram Protocol
- IDPR—Inter-Domain Policy Routing Protocol
- IPV6—IPv6 over IPv4 tunneling
- IPV6:ROUT—Matches packets belonging to the IPv6 over IPv4 route 
through a gateway 
- IPV6:FRAG—Matches packets belonging to the IPv6 over...

Page 520

• Source IP Wildcard Mask—Enter the mask to define a range of IP 
addresses. Note that this mask is different than in other uses, such as subnet 
mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that 
value.
NOTE: Given a mask of 0000 0000 0000 0000 0000 0000 1111 1111 (which 
means that you match on the bits where there is 0 and don't match...
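The wildcard-mask rule above (1 = don't care, 0 = must match), combined with the first-match ACE processing described earlier on this page, as an added example that is not taken from the Cisco guide. The ACL names, addresses and permit/deny labels are constructed, evaluating ACEs in list order is an assumption, and the no-match case returns None because the page's note on it is cut off.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_ip, ace_ip, wildcard):
    """True if packet_ip equals ace_ip on every bit where the wildcard is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF      # bits that must be compared
    return (_to_int(packet_ip) & care) == (_to_int(ace_ip) & care)

def looks_like_subnet_mask(wildcard):
    """Flag a wildcard whose 1 bits are a leading run (e.g. 255.255.255.0):
    that is how a subnet mask looks, and as a wildcard it ignores the
    network bits instead of the host bits."""
    w = _to_int(wildcard)
    inverted = ~w & 0xFFFFFFFF
    return w not in (0, 0xFFFFFFFF) and (inverted & (inverted + 1)) == 0

def evaluate(acls, src_ip):
    """Return (acl_name, ace_index, action) for the first matching ACE.
    Processing stops at the first match; later ACEs and ACLs are not read."""
    for acl_name, aces in acls:
        for index, (action, ace_ip, wildcard) in enumerate(aces):
            if wildcard_match(src_ip, ace_ip, wildcard):
                return acl_name, index, action
    return None  # no ACE matched in any ACL

# Constructed sample ACLs: (action, source IP, source wildcard mask)
SAMPLE_ACLS = [
    ("mgmt-acl", [
        ("permit", "192.168.1.10", "0.0.0.0"),    # exactly one host
        ("deny",   "192.168.1.0",  "0.0.0.255"),  # rest of 192.168.1.x
    ]),
    ("lab-acl", [
        ("permit", "10.0.0.0", "0.255.255.255"),  # any 10.x.x.x
    ]),
]

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.11", "10.1.2.3", "172.16.0.1"):
        print(ip, "->", evaluate(SAMPLE_ACLS, ip))
    # A subnet mask typed into the wildcard field matches the wrong hosts:
    print(wildcard_match("10.9.9.0", "192.168.1.0", "255.255.255.0"))      # True
    print(wildcard_match("192.168.1.77", "192.168.1.0", "255.255.255.0"))  # False
```

Running `looks_like_subnet_mask` over the wildcard column of an exported rule list is a quick review check for ACEs that were entered with a subnet mask by mistake.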