User's Manual
Table Of Contents
- 8-Port Multi-Gigabit Smart Managed Pro Switch with Two 10G Ports
- Contents
- 1 Get Started
- 2 Configure System Information
- View and Configure the Switch Management Settings
- View or Define System Information and View Software Versions
- View the System CPU Status
- View USB Device Information
- Configure the IPv4 Address for the Network Interface and Management VLAN
- Configure the IPv6 Address for the Network Interface
- View the IPv6 Network Neighbor
- Configure the Time Settings
- Configure DNS Settings
- Configure Green Ethernet Settings
- Use the Device View
- Configure Power over Ethernet
- Configure SNMP
- Configure LLDP
- Configure DHCP Snooping
- Set Up PoE Timer Schedules
- View and Configure the Switch Management Settings
- 3 Configure Switching
- Configure Port Settings and Flow Control
- Configure Link Aggregation Groups
- Configure VLANs
- Configure VLAN Settings
- Configure VLAN Membership
- View VLAN Status
- Configure Port PVID Settings
- Configure MAC-Based VLAN Groups
- Manually Add Members to or Remove Them From a MAC-Based VLAN Group
- Configure Protocol-Based VLAN Groups
- Manually Add Members to or Remove Them From a Protocol-Based VLAN Group
- Configure GARP Switch Settings
- Configure GARP Ports
- Configure a Voice VLAN
- Configure Auto-VoIP
- Configure Spanning Tree Protocol
- Configure Multicast
- View the MFDB Table
- View the MFDB Statistics
- Configure Auto-Video
- IGMP Snooping Overview
- Configure the Global IGMP Snooping Settings
- View the IGMP Snooping Table
- Configure IGMP Snooping for VLANs
- Modify IGMP Snooping Settings for a VLAN
- Disable IGMP Snooping on a VLAN and Remove It From the Table
- IGMP Snooping Querier Overview
- Configure IGMP Snooping Querier
- Configure IGMP Snooping Querier for VLANs
- Display the IGMP Snooping Querier for VLAN Status
- MLD Snooping Overview
- Configure the Global MLD Snooping Settings
- Configure MLD Snooping for a VLAN
- View, Search, and Manage the MAC Address Table
- 4 Configure Routing
- IP Routing Overview
- Configure IP Settings
- Configure VLAN Routing
- Manage IPv4 Routes
- Configure Address Resolution Protocol
- Configure IPv6
- Configure IPv6 Global Settings
- Add a Static IPv6 Route
- Change the Preference for a Static IPv6 Route
- Remove a Static IPv6 Route
- View the IPv6 Route Table
- Configure IPv6 VLAN Interface Settings
- Add an IPv6 Global Address to an IPv6 VLAN
- Change the Settings for an IPv6 Global Address on an IPv6 VLAN
- Remove an IPv6 Global Address From an IPv6 VLAN
- Add an IPv6 Prefix for Advertisement on an IPv6 VLAN
- Change the Settings for an IPv6 Prefix for Advertisement on an IPv6 VLAN
- Remove an IPv6 Prefix From an IPv6 VLAN
- View IPv6 Statistics for an Interface
- View or Clear the IPv6 Neighbor Table
- 5 Configure Quality of Service
- 6 Manage Device Security
- Management Security Settings
- Configure Management Access
- Configure Port Authentication
- Set Up Traffic Control
- Configure Access Control Lists
- Use the ACL Wizard to Create a Simple ACL
- Configure a Basic MAC ACL
- Configure MAC ACL Rules
- Configure MAC Bindings
- View or Delete MAC ACL Bindings in the MAC Binding Table
- Configure an IP ACL
- Configure Rules for a Basic IP ACL
- Configure Rules for an Extended IP ACL
- Configure an IPv6 ACL
- Configure IPv6 Rules
- Configure IP ACL Interface Bindings
- View or Delete IP ACL Bindings in the IP ACL Binding Table
- 7 Monitor the System
- 8 Maintain the Switch and Perform Troubleshooting
- A Configuration Examples
- B Hardware Specifications and Default Settings
Smart Managed Pro Switches MS510TX and MS510TXPP
Configuration Examples User Manual336
• If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet
can access port 5 and port 6. The outgoing packet is stripped of its tag to become an
untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a
tagged packet with VLAN ID 20.
Access Control Lists (ACLs)
ACLs ensure that only authorized users can access specific resources while blocking off any
unwarranted attempts to reach network resources.
ACLs are used to provide traffic flow control, restrict contents of routing updates, decide
which types of traffic are forwarded or blocked, and provide security for the network. ACLs
are normally used in firewall routers that are positioned between the internal network and an
external network, such as the Internet. They can also be used on a router positioned between
two parts of the network to control the traffic entering or exiting a specific part of the internal
network. The added packet processing required by the ACL feature does not affect switch
performance. That is, ACL processing occurs at wire speed.
Access lists are sequential collections of permit and deny conditions. This collection of
conditions, known as the filtering criteria, is applied to each packet that is processed by the
switch or the router. The forwarding or dropping of a packet is based on whether or not the
packet matches the specified criteria.
Traffic filtering requires the following two basic steps:
1. Create an access list definition.
The access list definition includes rules that specify whether traffic matching the criteria is
forwarded normally or discarded. Additionally, you can assign traffic that matches the
criteria to a particular queue or redirect the traffic to a particular port. A default deny all
rule is the last rule of every list.
2. Apply the access list to an interface in the inbound direction.
The switch allow ACLs to be bound to physical ports and LAGs. The switch supports MAC
ACLs, IPv4 ACLS, and IPv6 ACLs.
Sample MAC ACL Configuration
The following example shows how to create a MAC-based ACL that permits Ethernet traffic
from the Sales department on specified ports and denies all other traffic on those ports.
1. On the MAC ACL page, create an ACL with the name Sales_ACL for the Sales
department of your network (see
Configure a Basic MAC ACL on page 265).
By default, this ACL is bound on the inbound direction, which means that the switch
examines traffic as it enters the port.
2. On the MAC Rules page, create a rule for the Sales_ACL with the following settings: