Home » D-Link Manuals » Hubs & Switches » D-Link DES-3528 » Manual Viewer

D-Link DES-3528 Product Manual - Page 193

CPU Access Profile List, CPU Access Profile List window

UPC - 790069314346

Add to My Manuals
Save this manual to your list of manuals

Page 193 highlights

xStack® DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch Web UI Reference Guide CPU Access Profile List Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch's CPU interface. Employed similarly to the Access Profile feature previously mentioned, CPU interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for the CPU and will either forward them or filter them, based on the user's implementation. As an added feature for the CPU Filtering, the Switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the user to create various lists of rules without immediately enabling them. NOTE: CPU Interface Filtering is used to control traffic access to the Switch directly such as protocols transition or management access. A CPU interface filtering rule won't impact normal L2/3 traffic forwarding. However, a improper CPU interface filtering rule may cause the network to become unstable. To view CPU Access Profile List window, click ACL > CPU Access Profile List, as shown below: Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the Switch will use to determine what to do with the frame. The entire process is described below. Users may globally enable or disable the CPU Interface Filtering State mechanism by using the radio buttons to change the running state. Choose Enabled to enable CPU packets to be scrutinized by the Switch and Disabled to disallow this scrutiny. Figure 7-23 CPU Access Profile List window The fields that can be configured are described below: Parameter Description CPU Interface Filtering State Enable or disable the CPU interface filtering state. Click the Apply button to accept the changes made. Click the Add CPU ACL Profile button to add an entry to the CPU ACL Profile List. Click the Delete All button to remove all access profiles from this table. Click the Show Details button to display the information of the specific profile ID entry. Click the Add/View Rules button to view or add CPU ACL rules within the specified profile ID. Click the Delete button to remove the specific entry. There are four Add CPU ACL Profile windows; 184

Section	Page
Intended Readers	10
Typographical Conventions	10
Notes, Notices and Cautions	10
Chapter 1 Web-based Switch Configuration	11
Introduction	11
Login to the Web Manager	11
Web-based User Interface	12
Web Pages	13
Chapter 2 System Configuration	14
Device Information	14
System Information Settings	15
Dual Configuration Settings	16
Firmware Information Settings	17
Port Configuration	18
PoE	21
Serial Port Settings	24
System Log configuration	25
Time Range Settings	29
Time Settings	29
User Accounts Settings	30
Stacking	31
Chapter 3 Management	35
ARP	35
Gratuitous ARP	37
IPv6 Neighbor Settings	38
IP Interface	39
Management Settings	43
Session Table	44
Single IP Management	44
SNMP Settings	54
Telnet Settings	64
Web Settings	64
Chapter 4 L2 Features	65
VLAN	65
Q-in-Q	88
Layer 2 Protocol Tunneling Settings	90
Spanning Tree	91
Link Aggregation	100
FDB	103
L2 Multicast Control	107
Multicast Filtering	132
ERPS Settings	136
LLDP	139
Chapter 5 L3 Features	149
Local Route Settings	149
IPv4 Static/Default Route Settings	149
IPv4 Route Table	150
IPv6 Static/Default Route Settings	151
IPv6 Route Table	151
Policy Route Settings	152
IP Forwarding Table	153
Chapter 6 QoS	154
802.1p Settings	156
Bandwidth Control	159
Traffic Control Settings	161
DSCP	164
HOL Blocking Prevention	167
Scheduling Settings	168
SRED	171
Chapter 7 ACL	174
ACL Configuration Wizard	174
Access Profile List	175
CPU Access Profile List	193
ACL Finder	207
ACL Flow Meter	208
Chapter 8 Security	211
802.1X	211
RADIUS	224
IP-MAC-Port Binding (IMPB)	229
MAC-based Access Control (MAC)	236
Web-based Access Control (WAC)	240
Japanese Web-based Access Control (JWAC)	245
Compound Authentication	252
Port Security	256
ARP Spoofing Prevention Settings	258
BPDU Attack Protection	259
Loopback Detection Settings	261
Traffic Segmentation Settings	262
NetBIOS Filtering Settings	263
DHCP Server Screening	264
Access Authentication Control	265
SSL Settings	274
SSH	276
Trusted Host Settings	280
Safeguard Engine Settings	281
Chapter 9 Network Application	284
DHCP	284
DNS	296
PPPoE Circuit ID Insertion Settings	298
SNTP	299
Chapter 10 OAM	302
CFM	302
Ethernet OAM	311
DULD Settings	315
Cable Diagnostics	316
Chapter 11 Monitoring	318
Utilization	318
Statistics	320
Mirror	332
sFlow	334
Ping Test	337
Trace Route	338
Peripheral	340
Chapter 12 Save and Tools	341
Save Configuration ID 1	341
Save Configuration ID 2	341
Save Log	342
Save All	342
Stacking Information	342
Download Firmware	344
Download Configuration File	344
Upload Configuration File	345
Upload Log File	346
Reset	347
Reboot System	347
Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL	348
How Address Resolution Protocol Works	348
How ARP Spoofing Attacks a Network	350
Prevent ARP Spoofing via Packet Content ACL	351
Configuration	351
Appendix B System Log and Trap List	354
System Log Entries	354
DES-3528/DES-3552 Series Trap List	362
Proprietary Trap List	362
Appendix C Password Recovery Procedure	365

Match case Limit results 1 per page

xStack® DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch Web UI Reference Guide

CPU Access Profile List

Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This

added feature increases the running security of the Switch by enabling the user to create a list of access rules for

packets destined for the Switch’s CPU interface. Employed similarly to the Access Profile feature previously mentioned,

CPU interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for the CPU and will

either forward them or filter them, based on the user’s implementation. As an added feature for the CPU Filtering, the

Switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the user to create various lists

of rules without immediately enabling them.

NOTE:

CPU Interface Filtering is used to control traffic access to the Switch directly such as protocols

transition or management access. A CPU interface filtering rule won’t impact normal L2/3 traffic

forwarding. However, a improper CPU interface filtering rule may cause the network to become

unstable.

To view CPU Access Profile List window, click

ACL > CPU Access Profile List

, as shown below:

Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a

frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is

entering the criteria the Switch will use to determine what to do with the frame. The entire process is described below.

Users may globally enable or disable the CPU Interface Filtering State mechanism by using the radio buttons to

change the running state. Choose Enabled to enable CPU packets to be scrutinized by the Switch and Disabled to

disallow this scrutiny.

Figure 7-23 CPU Access Profile List window

The fields that can be configured are described below:

Parameter

Description

CPU Interface Filtering

State

Enable or disable the CPU interface filtering state.

Click the

Apply

button to accept the changes made.

Click the

Add CPU ACL Profile

button to add an entry to the

CPU

ACL Profile List

Click the

Delete All

button to remove all access profiles from this table.

Click the

Show Details

button to display the information of the specific profile ID entry.

Click the

Add/View Rules

button to view or add CPU ACL rules within the specified profile ID.

Click the

Delete

button to remove the specific entry.

There are four

Add CPU ACL Profile

windows;

184