Variable Value

dst-mac-mask <destination_mac_address_mask> Specifies the destination MAC address mask to use for this access list.

vlan-min <vid_min> vlan-max <vid_max> Specifies the minimum and maximum VLANs to use with this access list. Both values must be specified.

vlan-tag <vtag> Specifies the VLAN tag to use with this access list.

ethertype <etype> Specifies the Ethernet protocol type to use with the access list.

priority <ieee1p_seq> Specifies the priority value to use with this access list.

drop-action {drop | pass} Specifies the drop action to use for this access list.

update-dscp <0 - 63> Specifies the DSCP value to update for this access list.

update-1p <0 - 7> Specifies the 802.1p value to update for this access list.

set-drop-prec {high-drop | low-drop} Specifies the drop precedence to configure for this access list.

block <block_name> Specifies the block name to associate with the access list.

Removing a Layer 2 access list

Use the following procedure to remove a Layer 2 access list.

Procedure steps

Step Action

1 Remove an access list by using the following command from Global Configuration mode.

no qos l2-acl <aclid>

--End--

Configuring QoS security

The NNCLI commands detailed in this section allow for the configuration and management of QoS security settings. For information on displaying this information, refer to “Displaying QoS Parameters” (page 55).

Note: Due to hardware limitations, and in a default configuration, the Ethernet Routing Switch 5500 Series model only supports 11 QoS security applications per port.

Enabling QoS ARP spoofing

Use the following procedure to enable the QoS ARP spoofing application on the designated switch ports. This command applies to the 5500 Series switch only.

Procedure steps

Step Action

1 Enable the QoS ARP spoofing application by using the following command from Interface Configuration mode.

qos arp spoofing [port <port_list>] enable default-gateway <A.B.C.D>

--End--

Variable definitions

Variable Value

port <port_list> Specifies the list of ports on which to enable the QoS ARP spoofing application.

default-gateway <A.B.C.D> Specifies the IP address of the default gateway to use.

Disabling QoS ARP spoofing

Use the following procedure to disable the QoS ARP spoofing application on the designated switch ports. This command applies to the 5500 Series switch only.

Procedure steps

Step Action

1 Disable the QoS ARP spoofing application by using the following command from Interface Configuration mode.

no qos arp spoofing port <port_list>

--End--

Enabling QoS BPDU blocker

Use the following procedure to enable the QoS BPDU blocker application on the designated switch ports. This command applies to the 5500 Series switch only.

Procedure steps

Step Action

1 Enable the BPDU blocker application by using the following command from Interface Configuration mode.

qos bpdu blocker port <port_list> enable

--End--

Disabling QoS BPDU blocker

Use the following procedure to disable the QoS BPDU blocker application on the designated switch ports. This command applies to the 5500 Series switch only.

Procedure steps

Step Action

1 Disable the BPDU blocker application by using the following command from Interface Configuration mode.

no qos bpdu blocker port <port_list>

--End--

Enabling QoS DHCP snooping and spoofing

Use the following procedure to enable QoS DHCP snooping and spoofing applications on the designated switch ports. This command applies to the 5500 Series switch only.

Procedure steps

Step Action

1 Enable snooping by using the following command from Interface Configuration mode.

qos dhcp snooping port <port_list> enable interface-type {access | core}

2 Enable spoofing by using the following command from Interface Configuration mode.

qos dhcp spoofing port <port_list> enable dhcp-server <A.B.C.D>

--End--

Variable definitions

Variable Value

port <port_list> Specifies the ports to enable the selected QoS DHCP application on.

interface-type {access | core} Specifies the interface type to use.

Disabling QoS DHCP snooping and spoofing

Use the following procedure to disable QoS DHCP snooping and spoofing applications on the designated switch ports. This command applies to the 5500 Series switch only.

Procedure steps

Step Action

1 Disable snooping by using the following command from Interface Configuration mode.

no qos dhcp snooping port <port_list>

2 Disable spoofing by using the following command from Interface Configuration mode.

no qos dhcp spoofing port <port_list>

--End--

Variable definitions

Variable Value

port <port_list> Specifies the ports to disable the selected QoS DHCP application on.

Enabling QoS DoS applications

Use the following procedure to enable QoS DoS applications on the designated switch ports. This command applies to the 5500 Series switch only.

Procedure steps

Step Action

1 Enable QoS DoS applications by using the following command from Interface Configuration mode.

qos dos {nachia | sqlslam | tcp-dnsport | tcp-ftpport | tcp-synfinscan | xmas} port <port_list> enable

--End--

Variable definitions

Variable Value

{nachia | sqlslam | tcp-dnsport | tcp-ftpport | tcp-synfinscan | xmas} Specifies the type of QoS DoS application to enable on the selected ports.

port <port_list> Specifies the ports to enable the application on.
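The following added example is not part of the original manual or any vendor tooling. It is a small Python helper that renders the QoS security enable commands documented above, together with the matching `no` forms from the disable procedures on this page, from one validated set of inputs. The port list character set, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# DoS application keywords exactly as they appear in the `qos dos` syntax above.
DOS_APPS = ("nachia", "sqlslam", "tcp-dnsport", "tcp-ftpport", "tcp-synfinscan", "xmas")
# Assumption: a port list is built only from digits, "/", "," and "-".
PORT_LIST = re.compile(r"[0-9/,\-]+")

def _ipv4(value):
    """Return value as a dotted quad; raises ValueError if it is not IPv4."""
    return str(ipaddress.IPv4Address(value))

def build_commands(ports, gateway, dhcp_server, interface_type="access", dos_apps=DOS_APPS):
    """Return (enable, rollback) command lists for Interface Configuration mode."""
    # Reject anything that could smuggle a second command into a pasted script.
    if not PORT_LIST.fullmatch(ports):
        raise ValueError(f"invalid port list: {ports!r}")
    if interface_type not in ("access", "core"):
        raise ValueError(f"interface-type must be access or core: {interface_type!r}")
    unknown = [app for app in dos_apps if app not in DOS_APPS]
    if unknown:
        raise ValueError(f"unknown QoS DoS application(s): {unknown}")
    enable = [
        f"qos arp spoofing port {ports} enable default-gateway {_ipv4(gateway)}",
        f"qos bpdu blocker port {ports} enable",
        f"qos dhcp snooping port {ports} enable interface-type {interface_type}",
        f"qos dhcp spoofing port {ports} enable dhcp-server {_ipv4(dhcp_server)}",
    ]
    rollback = [
        f"no qos arp spoofing port {ports}",
        f"no qos bpdu blocker port {ports}",
        f"no qos dhcp snooping port {ports}",
        f"no qos dhcp spoofing port {ports}",
    ]
    for app in dos_apps:
        enable.append(f"qos dos {app} port {ports} enable")
        rollback.append(f"no qos dos {app} port {ports}")
    return enable, rollback

if __name__ == "__main__":
    # Constructed sample values (documentation address range, hypothetical ports).
    on, off = build_commands("1/1-24", "192.0.2.1", "192.0.2.10")
    print("\n".join(on))
    print()
    print("\n".join(off))
```

Keeping the rollback list next to the enable list makes it straightforward to review a change and its reversal together before applying either to a switch.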

Disabling QoS DoS applications

Use the following procedure to disable QoS DoS applications on the designated switch ports. This command applies to the 5500 Series switch only.

Procedure steps

Step Action

1 Disable QoS DoS applications by using the following command from Interface Configuration mode.

no qos dos {nachia | sqlslam | tcp-dnsport | tcp-ftpport | tcp-synfinscan | xmas} port <port_list>

--End--

Variable definitions

Variable Value

{nachia | sqlslam | tcp-dnsport | tcp-ftpport | tcp-synfinscan | xmas} Specifies the type of QoS DoS application to disable on the selected ports.