JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Switch ES1-24 Documentation
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Using This Documention

Product Notes

Related Documentation

CLI Command Modes

Feedback

Support and Accessibility

Installation

Understanding the Installation

Installation Task Overview

Front Panel Components

Rear Panel Components

Confirming Specifications

Physical Specifications

Electrical Specifications

Environmental Specifications

Understanding Cabling

Understanding Management and Power Cabling

Understanding Data Cabling

Single-Switch Location Guidelines

Preparing for Installation

ESD Precautions

Tools Needed for Installation

Verify Switch Kit Contents

Verify Rack Rail Kit Contents

Assemble an SFP+ Data Cable

Route Cables

Installing the Switch

Assemble a Filler

Attach the Rails to the Switch

Attach Telco Adapters to the Rack Slides

Attach the Rack Slides to the Rack

Install the Switch Into the Rack

Attach Power Cords

Install the Air Duct and Front Support

Attach Data and Management Cables

Prepare the Front Support and Small Air Duct

Powering On the Switch

Power On the Switch

Oracle ILOM Overview

Verify the DHCP-Assigned IP Address and Host Name

Configure Network Management From the CLI (SER MGT)

Log Into the Oracle ILOM Web (NET MGT)

Log Into the Oracle ILOM CLI (NET MGT)

Log Into the Oracle ILOM CLI (SER MGT)

Configuration

Administering the Switch

Log In to the Oracle ILOM CLI

Create a SEFOS User

Change a SEFOS User Privilege Level

Configure Network Management From the Web Interface

Configure Network Management From the CLI

Log Out of the Oracle ILOM CLI

Update the Firmware

Administering SEFOS

SEFOS Setup Tasks

Understanding SEFOS Basics

Basic SEFOS Topology

Default Configurations

Connect to SEFOS

Disconnect From SEFOS

Configuring the SEFOS Environment

Enable or Disable the Timeout for Line Connections

Configure the Default IP Address

Configure the IP Address for an Interface

Configure the Name of the Configuration File

Configure the Default VLAN ID

Enable or Disable Trap Generation on an Interface

Configure Debug Logging

Configure ACL Filters

Configure QoS

Configure Port Mirroring

Configure Rate Limiting

Configuring Save Parameters

Enable or Disable the Incremental Save Flag

Enable or Disable the Auto Save Flag

Managing Configuration Files

Save the Configuration to a File

Erase a Configuration File

Copy a Configuration File to a Remote Location

Copy a Configuration File From a Remote Location to Flash

Copy a Configuration File From One Remote Location or Flash to Another Remote Location or Flash

Managing Log Files

View a System Log

Copy a System Log to a Remote Location

View Debug Logs

Configuring the Switching Feature

Switching Feature Topology

Configure Initial Settings

Verify the Configuration

Configure VLAN Forwarding

Verify VLAN Membership

Configure RSTP

Configure LA

Save a Configuration

Configuring the Routing Feature

Routing Feature Topology

Configuring Static Routing

Configuring Dynamic Routing

Disabling Routing

Service

Detecting and Managing Faults

Front Panel LEDs

Rear Panel LEDs

Check Switch Status (LEDs)

Sensors Overview

Check Switch Status (Oracle ILOM)

Component Sensor Targets

Motherboard Sensor Targets

Preparing for Service

ESD Precautions

Tools Needed for Service

Replaceable Components

Remove the Front Support and Air Duct

Remove the CMA

Install the CMA

Servicing Power Supplies

Power Off a Power Supply

Remove a Power Supply

Install a Power Supply

Power On a Power Supply

Servicing the Fan Module

Remove the Fan Module

Install the Fan Module

Glossary

Index

Configure ACL Filters

The example in this procedure shows how to block the IP traffic from a host with an IP address of 12.0.0.100. See Basic SEFOS Topology for the topology for this task.

The filter type can be extended or standard. Standard filters filter the traffic based on the source IP address and the destination IP address. Extended filters can also specify the protocol ID, TCP/UDP port numbers, DSCP values, and flow label. In this example, the IP packets with 12.0.0.100 as the source address are filtered.

ACL filters filter packets at the hardware based on certain filtering criteria configured or programmed in the switch. The switch examines each packet to determine if it should be blocked or if it should be forwarded based on the configured access lists. Type the following commands on the SEFOS-1 switch.

  1. Connect to SEFOS.

    See Connect to SEFOS.

  2. Configure the IP address of the switch to 12.0.0.1.
    SEFOS-1# configure terminal
SEFOS-1(config)# interface vlan 1
SEFOS-1(config-if)# shutdown
SEFOS-1(config-if)# ip address 12.0.0.1  255.0.0.0
SEFOS-1(config-if)# no shutdown
SEFOS-1(config-if)# exit
SEFOS-1(config)# interface extreme-ethernet 0/1
SEFOS-1(config-if)# no shutdown
SEFOS-1(config-if)# exit
SEFOS-1(config)# interface extreme-ethernet 0/2
SEFOS-1(config-if)# no shutdown
SEFOS-1(config-if)# exit
  3. Create an IP filter with ID 11.
    SEFOS-1(config)# ip access-list extended 11
  4. Deny the IP traffic from host 12.0.0.100 to any network or host.
    SEFOS-1(config-ext-nacl)# deny ip host 12.0.0.100 any
SEFOS-1(config-ext-nacl)# end
  5. Ping from host A to host B.
    # ping 12.0.0.17
12.0.0.17 is alive
  6. Apply the IP filter 11 to port 1.
    SEFOS-1(config)# interface extreme-ethernet 0/1
SEFOS-1(config-if)# ip access-group 11 in
SEFOS-1(config-if)# exit
SEFOS-1(config)# vlan 1
SEFOS-1(config-vlan)# ports extreme-ethernet 0/1 extreme-ethernet 
0/2 untagged extreme-ethernet 0/1 extreme-ethernet 0/2

    Note - You might see the following message if ports 1 and 2 are already in VLAN 1. If you see this message, you can ignore it.

    % Member Ports cannot be added/deleted on Default VLAN
SEFOS-1(config-vlan)# end
  7. View the configuration details.
    SEFOS-1# show access-lists
...
IP address Type                  : IPV4
...
In Port List                     : Ex0/1
...
Filter Action                    : Deny
Status                           : Active
  8. Send the forwarding traffic from host A to host B in the same fashion as the ping from host A to host B in Step 5.

    Packets sent from host A are not forwarded to port 2 because the filter action is set to deny. The ping to 12.0.0.17 from host A fails with no answer from 12.0.0.17.

  9. Remove the IP filter from port 1.
    SEFOS-1# configure terminal
SEFOS-1(config)# interface extreme-ethernet 0/1
SEFOS-1(config-if)# no ip access-group 11 in
SEFOS-1(config-if)# end
SEFOS-1# show access-lists
...
Status                           : InActive
  10. Send the forwarding traffic from host A to host B in the same fashion as the ping from host A to host B in Step 5.

    The ping is answered from host B. Packets sent from host A are forwarded to port 2. The following two consecutive ping commands show that the deny filter action set in the ACL list was applied to one port and was removed from another port.

    # ping 12.0.0.17
no answer from 12.0.0.17
# ping 12.0.0.17
12.0.0.17 is alive
Related Information
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next