Home » D-Link Manuals » Hubs & Switches » D-Link DWS-4026 » Manual Viewer

D-Link DWS-4026 Product Manual - Page 348

Table 219, IP ACL Rule Configuration Fields Cont., Field, Description, Assign Queue ID

UPC - 790069325533

Add to My Manuals
Save this manual to your list of manuals

Page 348 highlights

D-Link Unified Access System Software User Manual 12/10/09 Field Rule Rule ID Action Logging Assign Queue ID Mirror Interface Match Every Protocol Keyword Protocol Number Source IP Address Table 219: IP ACL Rule Configuration Fields (Cont.) Description Select an existing Rule ID to modify or select Create Rule to configure a new ACL Rule. New rules cannot be created if the maximum number of rules has been reached. For each rule, a packet must match all the specified criteria in order to be true against that rule and for the specified rule action (Permit/Deny) to take place. This field is only available if you select Create Rule from the Rule field. Enter a new Rule ID which is a whole number in the range of 1 to 12 that will be used to identify the rule. After you click Submit, the new ID is created and you can configure the rule settings. The number of rules you can create in an ACL is platform dependent. Selects the ACL forwarding action. Click Configure to change the action. Select the desired action from the dropdown menu, and then click Submit or Cancel to return to the Rule Configuration page. Possible values are; • Permit. Forwards packets which meet the ACL criteria. • Deny. Drops packets which meet the ACL criteria. This field is only visible for a Deny Action. When set to True, logging is enabled for this ACL rule (subject to resource availability in the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be generated indicating the number of times this rule went into effect during the current report interval. A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is only visible when the Action is Permit. Use this field to specify the hardware egress queue identifier used to handle all packets matching this AP ACL Rule. Click Configure, and then enter an identifying queue number (0 to 7) in the appropriate field. Click Submit or Cancel to return to the Rule Configuration page. This field is only visible when the Action is Permit. Use this field to specify the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device. Click Configure, and then select an interface from the dropdown list. Packets that meet the rule are mirrored on the interface you select. Click Submit or Cancel to return to the Rule Configuration page. Requires a packet to match the criteria of this ACL. Click Configure, and then select True or False from the dropdown list. Then click Submit or Cancel to return to the Rule Configuration page. True signifies that all packets will match the selected IP ACL and Rule and will be either permitted or denied. Match Every is exclusive to the other filtering rules, so if Match Every is True, the other rules on the screen do not appear. To configure specific match criteria for the rule, remove the rule and re-create it, or reconfigure 'Match Every' to 'False' for the other match criteria to be visible. Specify that a packet's IP protocol is a match condition for the selected IP ACL rule. The possible values are ICMP, IGMP, IP, TCP, and UDP. Either the 'Protocol Keyword' field or the 'Protocol Number' field can be used to specify an IP protocol value as a match criteria. Click Configure, and then select the protocol keyword from the dropdown list. Click Submit or Cancel to return to the Rule Configuration page. Specify that a packet's IP protocol is a match condition for the selected IP ACL rule and identify the protocol by number. The protocol number is a standard value assigned by IANA and is interpreted as a integer from 0 to 255. Either the 'Protocol Number' field or the 'Protocol Keyword' field can be used to specify an IP protocol value as a match criteria. Requires a packet's source port IP address to match the address listed here. Click Configure, and then enter an IP Address in the appropriate field using dotted-decimal notation. The address you enter is compared to a packet's source IP Address. You also configure the Source IP Mask on the page. Page 348 Configuring Access Control Lists Document 34CSFP6XXUWS-SWUM100-D7

Section	Page
Table of Contents	5
List of Tables	33
About This Document	43
Audience	43
Organization	43
Additional Documentation	44
Document Conventions	44
Section 1: Getting Started	45
Connecting the Switch to the Network	45
Understanding the User Interfaces	47
Using the Web Interface	48
Device View	49
Navigation Tree View	50
Configuration and Monitoring Options	51
Help Page Access	51
Using the Command-Line Interface	52
Using SNMP	53
Section 2: System Administration	55
Viewing ARP Cache	56
Viewing Inventory Information	57
Viewing the Dual Image Status	57
System Description	58
Defining System Information	60
Switch Configuration	60
Card Configuration	61
PoE Configuration	62
PoE Status	64
Serial Port	65
IP Address	66
Network DHCP Client Options	68
HTTP Configuration	69
User Accounts	70
Adding a User Account	71
Changing User Account Information	72
Deleting a User Account	72
Authentication List Configuration	72
Creating an Authentication List	74
Configuring an Authentication List	74
Deleting an Authentication List	74
Authentication List Summary	75
Login Session	76
User Login	77
Assigning a User to an Authentication List	77
Denial of Service Protection	78
Multiple Port Mirroring	79
Adding a Port Mirroring Session	80
Removing or Modifying a Port Mirroring Session	81
Configuring and Searching the Forwarding Database	82
Configuration	82
Search	83
Searching the Forwarding Database	83
Managing Logs	84
Buffered Log Configuration	85
Viewing Buffered Log Messages	85
Command Logger Configuration	86
Console Log Configuration	86
Event Log	87
Hosts Configuration	89
Adding a Remote Logging Host	89
Deleting a Remote Logging Host	90
Persistent Log Configuration	90
Persistent Log	91
Syslog Configuration	92
Telnet Sessions	93
Outbound Telnet Client Configuration	94
Ping Test	95
Configuring SNTP Settings	96
SNTP Settings	97
SNTP Server Configuration	98
SNTP Server Status	99
SNTP Global Status	100
Time Zone Configuration	101
Summer Time Configuration	103
Summer Time Recurring Configuration	104
Clock Detail	105
Configuring and Viewing Device Slot Information	106
Configuration	106
Summary	108
Configuring and Viewing Device Port Information	109
Port Configuration	109
Port Summary	112
Port Description	115
Multiple Port Mirroring	115
Multiple Port Mirroring	115
Adding a Port Mirroring Session	116
Removing or Modifying a Port Mirroring Session	117
Double VLAN Tunneling	117
Double VLAN Tunneling Summary	118
Configuring sFlow	120
sFlow Agent Summary	120
sFlow Receiver Configuration	121
sFlow Poller Configuration	122
Counter Sampling	122
sFlow Sampler Configuration	123
Packet Flow Sampling	123
Defining SNMP Parameters	124
SNMP v1 and v2	124
SNMP v3	124
SNMP Community Configuration	125
Trap Receiver Configuration	126
Trap Flags	127
Supported MIBs	128
Viewing System Statistics	129
Switch Detailed	129
Switch Summary	132
Port Detailed	133
Port Summary Statistics	137
Using System Utilities	139
Save All Applied Changes	139
System Reset	140
Reset Configuration to Defaults	140
Reset Passwords to Defaults	140
Download File To Switch (TFTP)	142
Downloading a File to the Switch	144
Upload File From Switch (TFTP)	145
Uploading Files	146
Multiple Image Service	146
HTTP File Download	147
Erase Startup-config File	148
AutoInstall	148
TraceRoute	149
Trap Log	151
Managing the DHCP Server	152
Global Configuration	152
Pool Configuration	154
Pool Options	157
Reset Configuration	158
DHCP Server Summary	158
Bindings Information	158
Server Statistics	160
Conflicts Information	161
Configuring DNS	162
Global Configuration	162
Server Configuration	163
DNS Host Name IP Mapping Configuration	163
DNS Host Name IP Mapping Summary	164
Configuring SNTP Settings	166
SNTP Global Configuration	167
SNTP Server Configuration	169
Configuring and Viewing ISDP Information	170
Global Configuration	170
Cache Table	171
Cache Table	171
Interface Configuration	172
Statistics	172
Section 3: Configuring L2 Features	175
Configuring DHCP Snooping	176
Global DHCP Snooping Configuration	176
DHCP Snooping VLAN Configuration	177
DHCP Snooping Interface Configuration	177
DHCP Snooping Binding Configuration	178
DHCP Snooping Statistics	181
Configuring DHCP L2 Relay	182
DHCP L2 Relay Global Configuration	182
DHCP L2 Relay Interface Configuration	183
DHCP L2 Relay VLAN Configuration	184
DHCP L2 Relay Interface Statistics	184
Managing VLANs	186
VLAN Configuration	186
VLAN Status	188
VLAN Port Configuration	189
VLAN Port Summary	190
Reset VLAN Configuration	191
Configuring Protected Ports	192
Protected Port Configuration	192
Assigning Ports to a Group	193
Protected Ports Summary	193
Managing Protocol-Based VLANs	194
Configuration	194
Protocol-Based VLAN Summary	195
Managing IP Subnet-Based VLANs	197
Configuration	197
Summary	198
Managing MAC-Based VLANs	199
MAC-based VLAN Configuration	199
MAC-based VLAN Summary	199
Voice VLAN Configuration	200
Creating MAC Filters	202
Adding MAC Filters	203
Modifying MAC Filters	203
Deleting MAC Filters	203
MAC Filter Summary	203
Configuring GARP	203
GARP Status	204
GARP Switch Configuration	206
GARP Port Configuration	207
Configuring Dynamic ARP Inspection	208
DAI Configuration	208
DAI VLAN Configuration	209
DAI Interface Configuration	210
DAI ARP ACL Configuration	211
DAI ARP ACL Rule Configuration	211
Dynamic ARP Inspection Statistics	212
Configuring IGMP Snooping	214
Global Configuration and Status	215
Interface Configuration	216
VLAN Configuration	217
VLAN Status	218
Multicast Router Configuration	219
Multicast Router Status	219
Multicast Router VLAN Configuration	221
Multicast Router VLAN Status	222
Configuring IGMP Snooping Queriers	223
IGMP Snooping Querier Configuration	223
IGMP Snooping Querier VLAN Configuration	224
IGMP Snooping Querier VLAN Configuration Summary	225
IGMP Snooping Querier VLAN Status	226
Configuring MLD Snooping	227
Configuration and Status	227
Interface Configuration	228
VLAN Status	229
VLAN Configuration	229
Multicast Router Configuration	231
Multicast Router Status	231
Multicast Router VLAN Configuration	232
Multicast Router VLAN Status	232
Configuring MLD Snooping Queriers	234
MLD Snooping Querier Configuration	234
MLD Snooping Querier VLAN Configuration	235
MLD Snooping Querier VLAN Configuration Summary	236
MLD Snooping Querier VLAN Status	237
Creating Port Channels (Trunking)	238
Port Channel Configuration	238
Port Channel Status	240
Viewing Multicast Forwarding Database Information	241
MFDB Table	241
MFDB GMRP Table	242
MFDB IGMP Snooping Table	243
MFDB MLD Snooping Table	244
MFDB Statistics	244
Configuring Spanning Tree Protocol	246
Switch Configuration/Status	247
CST Configuration/Status	248
MST Configuration/Status	250
CST Port Configuration/Status	252
MST Port Configuration/Status	254
Statistics	257
Configuring Port Security	258
Port Security Administration	258
Port Security Interface Configuration	259
Port Security Static	260
Port Security Dynamic	261
Port Security Violation Status	262
Managing LLDP	263
Global Configuration	264
Interface Configuration	265
Interface Summary	266
Statistics	267
Local Device Information	268
Local Device Summary	269
Remote Device Information	270
Remote Device Summary	271
LLDP-MED	272
LLDP-MED Global Configuration	272
LLDP-MED Interface Configuration	273
LLDP-MED Interface Summary	274
LLDP Local Device Information	274
LLDP-MED Remote Device Information	276
Section 4: Configuring L3 Features	279
Configuring ARP	279
ARP Create	280
ARP Table Configuration	281
Configuring Global and Interface IP Settings	283
IP Configuration	283
IP Interface Configuration	285
Helper IP Interface Configuration	286
IP Statistics	287
Managing the BOOTP/DHCP Relay Agent	290
BOOTP/DHCP Relay Agent Configuration	291
BOOTP/DHCP Relay Agent Status	292
Configuring RIP	293
RIP Configuration	293
RIP Interface Configuration	294
Configuring the RIP Interface	295
RIP Interface Summary	296
RIP Route Redistribution Configuration	297
RIP Route Redistribution Summary	298
Router Discovery	299
Router Discovery Configuration	299
Router Discovery Status	301
Router	302
Route Table	302
Best Routes Table	304
Configured (Static) Routes	305
Adding a Static Route	305
Deleting a Route	307
Route Preferences Configuration	308
VLAN Routing	309
VLAN Routing Configuration	309
Creating a VLAN Routing Interface	310
Deleting a VLAN Router Interface	310
VLAN Routing Summary	311
Virtual Router Redundancy Protocol (VRRP)	312
VRRP Configuration	312
Virtual Router Configuration	313
Configuring a Secondary VRRP Address	314
Creating a New Virtual Router	314
Modifying a Virtual Router	314
VRRP Interface Tracking Configuration	315
VRRP Interface Tracking	316
VRRP Route Tracking Configuration	316
VRRP Route Tracking	317
Virtual Router Status	318
Virtual Router Statistics	319
Loopback Interfaces	321
Loopbacks Configuration	321
Creating a New Loopback (IPv4)	322
Configuring an Existing Loopback	323
Removing a Loopback	323
Removing a Secondary Address	323
Loopback Summary	324
Section 5: Configuring Quality of Service	325
Configuring Differentiated Services	326
Defining DiffServ	326
Diffserv Configuration	326
Class Configuration	328
Policy Configuration	330
Policy Class Definition	332
Service Configuration	334
Configuring Class of Service	335
Mapping 802.1p Priority	335
Trust Mode Configuration	336
IP DSCP Mapping Configuration	338
CoS Interface Configuration	338
CoS Interface Queue Configuration	340
Configuring Auto VoIP	342
Auto VoIP Configuration	342
Section 6: Configuring Access Control Lists	344
IP Access Control Lists	345
IP ACL Configuration	345
IP ACL Rule Configuration	346
Modifying an IP-based Rule	350
Adding a New Rule to an IP-based ACL	350
Deleting a Rule from an IP-based ACL	351
MAC Access Control Lists	351
MAC ACL Configuration	351
MAC ACL Rule Configuration	352
Adding a New Rule to a MAC-based ACL	355
Removing a Rule From a MAC-based ACL	355
ACL Interface Configuration	355
Assigning an ACL to an Interface	356
Removing an ACL from an Interface	357
Section 7: Managing Device Security	359
Captive Portal Configuration	359
Captive Portal Global Configuration	359
CP Configuration	361
Changing the Captive Portal Settings	362
Customizing the Captive Portal Web Page	364
Local User	369
Adding a Local User	370
Configuring Users in the Local Database	371
Configuring Users in a Remote RADIUS Server	372
Interface Association	373
CP Global Status	375
Viewing CP Activation and Activity Status	375
Interface Status	377
Viewing Interface Activation Status	377
Viewing Interface Capability Status	377
Client Connection Status	378
Viewing Client Details	379
Viewing the Client Statistics	380
Viewing the Client Interface Association Status	381
Viewing the Client CP Association Status	382
SNMP Trap Configuration	382
Port Access Control	383
Global Port Access Control Configuration	384
Port Configuration	385
Port Access Entity Capability Configuration	386
Supplicant Port Configuration	387
User Login Configuration	389
Port Access Privileges	390
RADIUS Settings	391
RADIUS Configuration	391
RADIUS Server Configuration	392
Viewing Named Server Status Information	394
RADIUS Accounting Server Configuration	395
Viewing Named Accounting Server Status	396
Clear Statistics	397
TACACS+ Settings	398
TACACS+ Configuration	398
TACACS+ Server Configuration	399
Secure HTTP	400
Secure HTTP Configuration	400
Generating Certificates	401
Downloading SSL Certificates	401
Secure Shell	403
Secure Shell Configuration	403
Downloading SSH Host Keys	404
Section 8: Configuring the Wireless Features	405
D-Link Unified Access System Components	405
DWS-4026 Unified Switch	406
DWL-8600AP Unified Access Point	406
Unified Switch and AP Discovery Methods	406
L2 Discovery	407
IP Address of AP Configured in the Switch	407
IP Address of Switch Configured in the AP	407
Configuring the DHCP Option	408
Discovery and Peer Switches	411
Basic Setup	411
Wireless Global Configuration	411
Wireless Discovery Configuration	414
L3/IP Discovery	415
L2/VLAN Discovery	416
Profile	416
Radio	417
SSID Configuration	423
Managing Virtual Access Point Configuration	423
Configuring the Default Network	424
Configuring AP Security	431
Using No Security	431
Using Static or Dynamic WEP	431
Static WEP Rules	433
Using WPA/WPA2 Personal or Enterprise	433
Valid Access Point Summary	436
Valid Access Point Configuration	437
Local OUI Database Summary	439
AP Management	441
Reset	441
RF Management	441
Configuring Channel Plan and Power Settings	442
Viewing the Channel Plan History	444
Initiating Manual Channel Plan Assignments	445
Initiating Manual Power Adjustments	446
Access Point Software Download	446
Managed AP Advanced Settings	448
Debugging the AP	449
Adjusting the Channel and Power	450
Monitoring Status and Statistics	452
Wireless Global Status/Statistics	452
Viewing Switch Status and Statistics Information	455
Viewing IP Discovery Status	456
Viewing the Peer Switch Configuration Received Status	457
Viewing the AP Hardware Capability List	458
AP Hardware Radio Capability	459
All AP Status	460
Managed AP Status	462
Monitoring AP Status	462
Viewing Detailed Managed Access Point Status	464
Viewing Managed Access Point Radio Summary Information	466
Viewing Detailed Managed Access Point Radio Information	466
Viewing Managed Access Point Neighbor APs	467
Viewing Clients Associated with Neighbor Access Points	468
Viewing Managed Access Point VAPs	469
Viewing Distributed Tunneling Information	469
Managed Access Point Statistics	470
Viewing Managed Access Point Ethernet Statistics	471
Viewing Detailed Managed Access Point Statistics	471
Viewing Managed Access Point Radio Statistics	472
Viewing Managed Access Point VAP Statistics	474
Viewing Distributed Tunneling Statistics	474
Associated Client Status/Statistics	475
Viewing Associated Client Summary Status	476
Viewing Detailed Associated Client Status	477
Viewing Associated Client QoS Status	478
Viewing Associated Client Neighbor AP Status	479
Viewing Associated Client Distributed Tunneling Status	480
Viewing SSID Associated Client Status	481
Viewing VAP Associated Client Status	481
Viewing Switch Associated Client Status	482
Viewing Associated Client Statistics	482
Viewing Detailed Associated Client Association Statistics	484
Viewing Detailed Associated Client Session Statistics	484
Peer Switch Status	485
Viewing Peer Switch Configuration Status	486
Viewing Peer Switch Managed AP Status	487
Monitoring and Managing Intrusion Detection	488
AP RF Scan Status	488
Viewing Access Point Triangulation Status	491
Viewing WIDS AP Rogue Classification Information	492
Detected Client Status	494
Viewing Detailed Detected Client Status	495
Viewing WIDS Client Rogue Classification	497
Viewing Detected Client Pre-Authentication History	498
Viewing Detected Client Triangulation	499
Viewing Detected Client Roam History	500
Detected Client Pre-Authentication Summary	500
Detected Client Roam History Summary	501
Ad Hoc Client Status	502
AP Authentication Failure Status	503
AP De-Authentication Attack Status	505
Configuring Advanced Settings	506
Advanced Global Settings	506
Wireless SNMP Trap Configuration	508
Distributed Tunneling Configuration	510
Known Client	511
Known Client Configuration	512
Wireless Network List	513
Configuring Networks	513
AP Profiles	514
Creating, Copying, and Deleting AP Profiles	515
Applying an AP Profile	516
Access Point Profile QoS Configuration	518
Peer Switch	521
WIDS Security	524
WIDS AP Configuration	524
WIDS Client Configuration	527
Visualizing the Wireless Network	529
Importing and Configuring a Background Image	530
Setting Up the Graph Components	531
Creating a New Graph	531

Match case Limit results 1 per page

D-Link Unified Access System

Software User Manual

12/10/09

Page

348

Configuring Access Control Lists

Document

34CSFP6XXUWS-SWUM100-D7

Rule

Select an existing Rule ID to modify or select Create Rule to configure a new ACL

Rule. New rules cannot be created if the maximum number of rules has been reached.

For each rule, a packet must match all the specified criteria in order to be true against

that rule and for the specified rule action (Permit/Deny) to take place.

Rule ID

This field is only available if you select Create Rule from the Rule field. Enter a new

Rule ID which is a whole number in the range of 1 to 12 that will be used to identify the

rule. After you click

Submit

, the new ID is created and you can configure the rule

settings. The number of rules you can create in an ACL is platform dependent.

Action

Selects the ACL forwarding action. Click

Configure

to change the action. Select the

desired action from the dropdown menu, and then click

Submit

Cancel

to return to

the Rule Configuration page. Possible values are;

•

Permit.

Forwards packets which meet the ACL criteria.

•

Deny.

Drops packets which meet the ACL criteria.

Logging

This field is only visible for a Deny Action. When set to True, logging is enabled for this

ACL rule (subject to resource availability in the device). If the Access List Trap Flag is

also enabled, this will cause periodic traps to be generated indicating the number of

times this rule went into effect during the current report interval. A fixed 5 minute report

interval is used for the entire system. A trap is not issued if the ACL rule hit count is

zero for the current interval.

Assign Queue ID

This field is only visible when the Action is Permit. Use this field to specify the hardware

egress queue identifier used to handle all packets matching this AP ACL Rule. Click

Configure

, and then enter an identifying queue number (0 to 7) in the appropriate field.

Click

Submit

Cancel

to return to the Rule Configuration page.

Mirror Interface

This field is only visible when the Action is Permit. Use this field to specify the specific

egress interface where the matching traffic stream is copied in addition to being

forwarded normally by the device. Click

Configure

, and then select an interface from

the dropdown list. Packets that meet the rule are mirrored on the interface you select.

Click

Submit

Cancel

to return to the Rule Configuration page.

Match Every

Requires a packet to match the criteria of this ACL. Click

Configure

, and then select

True or False from the dropdown list. Then click

Submit

Cancel

to return to the Rule

Configuration page. True signifies that all packets will match the selected IP ACL and

Rule and will be either permitted or denied. Match Every is exclusive to the other

filtering rules, so if Match Every is True, the other rules on the screen do not appear.

To configure specific match criteria for the rule, remove the rule and re-create it, or

reconfigure ‘Match Every’ to ‘False’ for the other match criteria to be visible.

Protocol Keyword

Specify that a packet’s IP protocol is a match condition for the selected IP ACL rule.

The possible values are ICMP, IGMP, IP, TCP, and UDP. Either the ‘Protocol

Keyword’ field or the ‘Protocol Number’ field can be used to specify an IP protocol

value as a match criteria. Click

Configure

, and then select the protocol keyword from

the dropdown list. Click

Submit

Cancel

to return to the Rule Configuration page.

Protocol Number

Specify that a packet’s IP protocol is a match condition for the selected IP ACL rule

and identify the protocol by number. The protocol number is a standard value assigned

by IANA and is interpreted as a integer from 0 to 255. Either the ‘Protocol Number’ field

or the ‘Protocol Keyword’ field can be used to specify an IP protocol value as a match

criteria.

Source IP Address

Requires a packet’s source port IP address to match the address listed here. Click

Configure

, and then enter an IP Address in the appropriate field using dotted-decimal

notation. The address you enter is compared to a packet's source IP Address. You

also configure the Source IP Mask on the page.

Table 219:

IP ACL Rule Configuration Fields (Cont.)

Field

Description