Dell PowerConnect 3324/3348 Switch CLI Guide
Use the ip access-list global configuration command to create Layer 3 ACLs and enter IP-access list configuration Mode. To delete an IP ACL, use the no form of this command.
ip access-list name
no ip access-list name
The default is deny-all.
Global Configuration Mode
The ip-access-list command enters the IP-access list configuration mode.
The following example creates an ACL named Dell.
Console (config)# ip-access-list Dell
Use the permit ip access-list configuration mode command to allow traffic if the conditions defined in the permit statement are matched.
permit {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp dscp number | ip-precedence ip-precedence]
permit-tcp {any | {source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp dscp number | ip-precedence ip-precedence]
permit-udp {any | {source source-mask}} {any | source-port} {any | {destination destination-mask}} {any | destination-port} [dscp dscp number | ip-precedence ip-precedence]
This command has no default configuration.
IP Access-List Configuration Mode
The matching criteria in IP-ACLs are defined in ACEs. The ACE is defined using the permit (IP) or deny (IP) command. Up to 256 ACEs are combined into an IP-ACL.
If there are no matches, the packets are denied.
The following example creates an ACE allowing RSVP protocol traffic from 12.1.1.1 with DSCP 56.
Console (config-ip-al)# permit rsvp 12.1.1.1 0.0.0.0 any dscp 56
Use the deny IP access-list configuration command to deny traffic if the conditions defined in the deny statement are matched.
deny [disable-port] {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp dscp number | ip-precedence ip-precedence]
deny-tcp [disable-port] {any | {source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp dscp number | ip-precedence ip-precedence]
deny-udp [disable-port] {any | {source source-mask}} {any | source-port} {any | {destination destination-mask}} {any | destination-port} [dscp dscp number | ip-precedence ip-precedence]
This command has no default configuration.
IP Access-List Configuration Mode
The matching criteria in IP-ACLs are defined in ACEs. The ACE is defined using the permit (IP) or deny (IP) command. Up to 248 ACEs are combined into an IP-ACL.
If there are no matches, the packets are denied.
The following example creates an ACE denying any IP traffic from address 192.1.1.10 with wildcard 0.0.0.255 or traffic to 192.168.1.10 with the mask 255.255.255.0.
Console (config-ip-al)# deny any 192.1.1.10 0.0.0.255 192.168.1.10 255.255.255.0
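Added example (not part of the Dell guide): a small Python model of how the two ACEs shown above classify packets, including the deny applied when no ACE matches. It assumes that wildcard bits set to 1 are ignored and that ACEs are checked in order with the first match deciding; the packets are constructed, and only the option forms used in the two examples are parsed.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Assumption: wildcard bits set to 1 are ignored, bits set to 0 must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_ace(line):
    # Covers only: action protocol {any | addr wildcard} x2 [dscp n]
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    fields = []
    for _ in range(2):  # source, then destination
        if rest[:1] == ["any"]:
            fields.append(None)
            rest = rest[1:]
        elif len(rest) >= 2:
            fields.append((rest[0], rest[1]))
            rest = rest[2:]
        else:
            raise ValueError("incomplete ACE: " + line)
    dscp = int(rest[1]) if rest[:1] == ["dscp"] and len(rest) > 1 else None
    return action, proto, fields[0], fields[1], dscp

def evaluate(aces, pkt):
    # Assumption: ACEs are checked in order and the first match decides.
    for n, (action, proto, src, dst, dscp) in enumerate(aces):
        if (proto in ("any", pkt["proto"])
                and (src is None or matches(pkt["src"], *src))
                and (dst is None or matches(pkt["dst"], *dst))
                and (dscp is None or dscp == pkt.get("dscp"))):
            return action, n
    return "deny", None  # no ACE matched: the packet is denied

# The two ACEs shown above, combined into one list for illustration.
ACL = [parse_ace("permit rsvp 12.1.1.1 0.0.0.0 any dscp 56"),
       parse_ace("deny any 192.1.1.10 0.0.0.255 192.168.1.10 255.255.255.0")]
# Constructed packets. Read as a wildcard, 255.255.255.0 compares only the
# last octet, so the deny ACE hits 10.9.8.10 but not 192.168.1.11.
PACKETS = [
    {"proto": "rsvp", "src": "12.1.1.1", "dst": "10.0.0.5", "dscp": 56},
    {"proto": "rsvp", "src": "12.1.1.1", "dst": "10.0.0.5", "dscp": 0},
    {"proto": "tcp", "src": "192.1.1.77", "dst": "10.9.8.10"},
    {"proto": "tcp", "src": "192.1.1.77", "dst": "192.168.1.11"},
]
RESULTS = [evaluate(ACL, p) for p in PACKETS]
```

Each result is the action and the index of the ACE that decided it; an index of None marks a packet dropped because nothing matched, which is worth checking for before attaching an ACL to an interface.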
Use the mac access-list global configuration command to create Layer 2 MAC ACLs and enter the MAC-Access list configuration mode. To delete a MAC ACL, use the no form of this command.
mac access-list name
no mac access-list name
The default for all ACLs is deny.
Global Configuration Mode
Entering the mac access-list command enables the MAC-access list configuration mode.
The following example creates a MAC ACL named dell.
Console (config)# mac access-list dell
Use the permit extended mac-list configuration mode command to allow traffic if the conditions defined in the permit statement are matched.
permit {any | {host source source-wildcard} any | {destination destination-wildcard}} [vlan vlan-id]
This command has no default configuration.
MAC-List Configuration Mode
The matching criteria in MAC-ACLs are defined in ACEs.
The following example creates a MAC ACE that allows traffic from MAC address 6:6:6:6:6:6 with any destination on VLAN 4.
Console (config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 4
Use the deny extended mac-list configuration mode command to deny traffic if the conditions defined in the deny statement are matched.
deny [disable-port] {any | {source source-wildcard} any | {destination destination-wildcard}} [vlan vlan-id]
This command has no default configuration.
Extended MAC-List Configuration Mode
The matching criteria in MAC-ACLs are defined in ACEs.
The following example creates a MAC ACE that denies traffic from MAC address 6:6:6:6:6:6.
Console (config-mac-al)# deny 6:6:6:6:6:6 0:0:255:255:255:255
Use the service-acl interface configuration command to apply an access-list to the interface input. To detach an access-list from an interface, use the no form of this command.
service-acl {input acl-name | output acl-map-name}
no service-acl {input | output}
This command has no default configuration.
Interface Configuration (Ethernet, VLAN, port-channel) Mode
Only one ACL per interface per direction is supported.
The following example attaches the ACL named dell to the interface input.
Console (config-if)# service-acl input dell
Use the show access-lists privileged EXEC command to display access control lists (ACLs) defined on the device.
show access-lists [name]
This command has no default configuration.
Privileged EXEC Mode
There are no user guidelines for this command.
The following example displays access control lists (ACLs) configured on the device.
Console # show access-lists
IP access list ACL1
permit 234 172.30.40.1 0.0.0.0 any
permit 234 172.30.8.8 0.0.0.0 any
Use the show interfaces access-lists privileged EXEC command to display access lists applied on interfaces.
show interfaces access-lists [ethernet interface | vlan vlan-id | port-channel port-channel-number]
This command has no default configuration.
Privileged EXEC Mode
There are no user guidelines for this command.
The following example displays access control lists (ACLs) configured on the device.
Console# show interfaces access-lists
Interface  Input ACL
---------  ----------
1/1        ACL1
2/1        ACL3
Use the qos global configuration command to enable quality of service (QoS) on the device. To disable the QoS features on the device, use the no form of this command.
qos
no qos
The default QoS value is enabled.
Global Configuration Mode
There are no user guidelines for this command.
The following example enables QoS on the device.
Console (config)# qos
Use the show qos user EXEC command to display the QoS activity status.
show qos
This command has no default configuration.
User EXEC Mode
There are no user guidelines for this command.
The following example displays a device QoS status.
Console> show qos
Qos: disable
Trust: dscp
Use the wrr-queue cos-map global configuration command to map assigned CoS values to the egress queues. To return to the default values, use the no form of this command.
wrr-queue cos-map queue-id cos1...cosn
no wrr-queue cos-map {queue-id}
Default values for three queues are as follows:
Global Configuration Mode
This command is used to distribute traffic into different queues, where each queue is configured with different weighted round robin (WRR) and weighted random early detection (WRED) parameters.
Queues are enabled by using the priority-queue out num-of-queues interface configuration command.
The following example maps CoS 2 to queue 4.
Console (config)# wrr-queue cos-map 4 2
Use the wrr-queue bandwidth global configuration command to assign weighted round robin (WRR) weights to egress queues. The weights ratio determines the frequency at which the packet scheduler dequeues packets from each queue. To return to the default values, use the no form of this command.
wrr-queue bandwidth weight1 weight2 ... weight_n
no wrr-queue bandwidth
The default WRR weight is 1/4 ratio for all queues (each weight is set to 1).
Global Configuration Mode
The ratio is calculated and managed as follows:
The ratio for each queue is defined by the queue weight divided by the sum of all queue weights (that is, the normalized weight). This sets the ratio of the frequency in which the WRR packet scheduler dequeues packets, and not the bandwidth. Thus, the ratio will be of the number of packets and not bytes sent from each queue.
A weight of 0 means no bandwidth is allocated for that queue, and the shared bandwidth is divided among the remaining queues.
The following example sets queue weights as follows:
Console (config)# wrr-queue bandwidth 10 20 30 40
Use the priority-queue out num-of-queues global configuration command to enable the egress queues to be strict priority (Expedite) queues. To set all queues to strict priority (Expedite) queues, use the no form of this command. EF refers to expedite.
priority-queue out num-of-queues [number-of-queues]
no priority-queue out num-of-queues
All queues are strict priority (Expedite) queues.
Global Configuration Mode
When configuring the priority-queue out num-of-queues command, the weighted round robin (WRR) weight ratios are affected because there are fewer queues participating in WRR. This means that corresponding weight in the wrr-queue bandwidth command is ignored (not used in the ratio calculation).
The following example sets queues 3, 4 to be EF queues.
Console (config)# priority-queue out num-of-queues 2
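Added example (not part of the Dell guide): a Python model of the packet scheduling described for wrr-queue bandwidth and priority-queue out num-of-queues, using the weights 10 20 30 40 from the example above. It assumes strict priority queues are the highest-numbered ones and are emptied first, and that each WRR visit sends up to the queue's weight in packets; the backlogs are constructed.

```python
def transmit_order(backlog, weights, num_ef=0, budget=100):
    """Queue ids (1-based) in the order packets leave the port.

    backlog -- packets waiting per queue, index 0 is queue 1
    weights -- values given to wrr-queue bandwidth
    num_ef  -- value given to priority-queue out num-of-queues
    budget  -- how many packets to schedule
    """
    backlog = list(backlog)
    n = len(backlog)
    wrr = range(n - num_ef)  # the lower-numbered queues stay in WRR
    order = []
    # Assumption: strict priority queues are emptied first, highest id first.
    for q in range(n - 1, n - 1 - num_ef, -1):
        while backlog[q] and len(order) < budget:
            backlog[q] -= 1
            order.append(q + 1)
    # Assumption: each WRR visit sends up to `weight` packets from the queue.
    # A weight of 0 never sends; weights of strict priority queues are unused.
    while len(order) < budget and any(backlog[q] and weights[q] for q in wrr):
        for q in wrr:
            burst = min(weights[q], backlog[q], budget - len(order))
            backlog[q] -= burst
            order.extend([q + 1] * burst)
    return order

def packet_counts(order, n):
    return [order.count(q) for q in range(1, n + 1)]

WEIGHTS = [10, 20, 30, 40]  # from the wrr-queue bandwidth example above

# Constructed backlogs. All four queues in WRR: packets leave 10:20:30:40.
ALL_WRR = packet_counts(transmit_order([1000] * 4, WEIGHTS), 4)
# Queues 3 and 4 strict priority: they drain first, then queues 1 and 2
# share the rest 10:20 and the weights 30 and 40 play no part.
WITH_EF = packet_counts(transmit_order([1000, 1000, 5, 5], WEIGHTS, num_ef=2), 4)
```

The counts are packets, not bytes, matching the note above that the ratio governs how often a queue is dequeued rather than its bandwidth.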
Use the show qos interface user EXEC command to display interface QoS data. EF refers to expedite.
show qos interface [ethernet interface-number | port-channel number] [queuing]
This command has no default configuration.
Global Configuration Mode
If no keyword is specified with the show qos interface command, the port QoS mode trusted, untrusted, and default CoS values are displayed. If a specific interface is not specified, the information for all interfaces is displayed.
The following example displays the output from the show qos interface ethernet 1/e5 queueing command for 4 queues.
Use the qos map dscp-queue global configuration command to modify the DSCP to CoS map. To return to the default map, use the no form of this command.
qos map dscp-queue dscp-list to queue-id
no qos map dscp-queue
The following table describes the default map.
Global Configuration Mode
There are no user guidelines for this command.
The following example maps DSCP values 33, 40, and 41 to queue 1.
Console (config)# qos map dscp-queue 33 40 41 to 1
Use the qos trust global configuration command to configure the system trust state. To return to the untrusted state, use the no form of this command.
qos trust cos | dscp | tcp-udp-port
no qos trust
The default trust mode is CoS.
Global Configuration Mode
Packets entering a quality of service (QoS) domain are classified at the edge of the QoS domain. When the packets are classified at the edge, the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the domain.
Use this command to specify whether the port is trusted and to specify which packet fields to use to classify traffic.
If DSCP is trusted, the DSCP field of the IP packet is not modified.
If TCP-UDP-port is trusted, then the packet destination port is not modified.
If CoS is trusted, CoS of the packet is not modified.
The following example configures the system to the trust state.
Console (config)# qos trust dscp
Use the qos trust interface configuration command to enable each port trust state. To disable the trust state on each port use the no form of this command.
qos trust
no qos trust
This command has no default configuration.
Interface Configuration (Ethernet, port-channel) Mode
There are no user guidelines for this command.
The following example configures port 1/e5 to the trust state.
Console (config)# interface ethernet 1/e5
Console (config-if)# qos trust
Use the qos cos interface configuration command to configure the default port CoS value. To return to the default setting, use the no form of this command.
qos cos default-cos
no qos cos default-cos
Port CoS value is 0.
Interface Configuration (Ethernet, port-channel) Mode
The default value assigns a CoS value to all untagged packets entering the port.
The following example configures port 1/e5 default CoS value to 3.
Console (config)# interface ethernet 1/e5
Console (config-if)# qos cos 3
Use the qos map tcp-port-queue global configuration command to modify the TCP-Port to DSCP table. To delete table entries use the no form of this command. When there are no entries to delete and the no form of this command is used, the entire table is deleted.
qos map tcp-port-dscp port1...port8 to queue-id
no qos map tcp-port-dscp [port1...port8]
The table is empty.
Global Configuration Mode
This command maps the TCP destination port in the ingress packet to a specified queue.
This map is used when the TCP trust mode is enabled and when the trust command is enabled.
The following example modifies the mapped TCP ports 2000 and 80 to queue 2.
Console (config)# qos map tcp-port-queue 2000 80 to 2
Use the qos map udp-port-queue global configuration command to modify the UDP-Port to DSCP table. To delete table entries, use the no form of this command. When there are no entries to delete and the no form of this command is used, the entire table is deleted.
qos map udp-port-dscp port1...port8 to queue-id
no qos map udp-port-dscp [port1...port8]
The table is empty.
Global Configuration Mode
This command maps the UDP destination port in the ingress packet to a specified queue.
This map is used when the UDP trust mode is enabled and when the trust command is enabled.
The following example modifies the mapped UDP ports 2000 and 80 to queue 2.
Console (config)# qos map udp-port-queue 2000 80 to 2
Use the show qos map user EXEC command to display all the QoS maps.
show qos map [dscp-queue | tcp-port-queue | udp-port-queue]
This command has no default configuration.
User EXEC command
There are no user guidelines for this command.
The following example displays the DSCP queue map.
The following table appears if tcp-port-queue is supported.
Tcp port-queue map:
Port   queue
-----  ------
6000   1
6001   2
6002   3