D-Link DGS-3612G Product Manual - Page 343

xStack® DGS-3600 Series Layer 3 Managed Gigabit Ethernet Switch Figure 6- 23. ACL Flow Meter Display window CPU Interface Filtering Due to a chipset limitation and the need for extra switch security, the Switch incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch's CPU interface. Employed similarly to the Access Profile feature previously mentioned, CPU interface filtering examines Ethernet, IP, Packet Content Mask and IPv6 packet headers destined for the CPU and will either forward them or filter them, based on the user's implementation. As an added feature for the CPU Filtering, the Switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the user to create various lists of rules without immediately enabling them. Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the Switch will use to determine what to do with the frame. The entire process is described below. CPU Interface Filtering State In the following window, the user may globally enable or disable the CPU Interface Filtering mechanism by using the pull-down menu to change the running state. To view this window, click ACL > CPU Interface Filtering > CPU Interface Filtering State, as shown below: Figure 6- 24. CPU Interface Filtering State Settings window Choose Enabled to enable CPU packets to be scrutinized by the Switch and Disabled to disallow this scrutiny. CPU Interface Filtering Table This window allows the user to create a new profile for the CPU Interface Filtering Table. 327