Home » Netgear Manuals » Hubs & Switches » Netgear GS716Tv2 » Manual Viewer

Netgear GS716Tv2 GS716Tv2/GS724Tv3 Software Admin Manual - Page 176

IP Extended Rule, Table, 35. IP ACL Rule Configuration Fields continued

Add to My Manuals
Save this manual to your list of manuals

Page 176 highlights

GS716Tv2 and GS724Tv3 Software Administration Manual Table 5-35. IP ACL Rule Configuration Fields (continued) Field Action Assign Queue ID Match Every Source IP Address Source IP Mask Description Selects the ACL forwarding action, which is one of the following: • Permit - Forwards packets which meet the ACL criteria. • Deny - Drops packets which meet the ACL criteria. Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule. Enter an identifying number from 0-3 in the appropriate field. Requires a packet to match the criteria of this ACL. Select True or False from the drop down menu. Match Every is exclusive to the other filtering rules, so if Match Every is True, the other rules on the screen are not available. Requires a packet's source port IP address to match the address listed here. Enter an IP Address in the appropriate field using dotted-decimal notation. The address you enter is compared to a packet's source IP Address. Specifies the source IP address wildcard mask. Wild card masks determines which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit positions that are used for the network address, and has zeros (0's) for the bit positions that are not used. In contrast, a wildcard mask has (0's) in a bit position that must be checked. A '1' in a bit position of the ACL mask indicates the corresponding bit can be ignored. This field is required when you configure a source IP address. IP Extended Rule Use the IP Extended Rules page to define rules for IP-based extended ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit "deny all" rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit "deny all" rule applies and the packet is dropped. To display the IP extended Rules page: 5-50 v1.0, July 2009 Managing Device Security

Section	Page
GS716Tv2 and GS724Tv3 Software Administration Manual	1
Contents	5
About This Manual	11
Audience	11
Organization	11
Conventions, Formats and Scope	12
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Getting Started	17
Connecting the Switch to the Network	17
Switch Management Interface	18
SmartWizard Discovery in a Network with a DHCP Server	19
SmartWizard Discovery in a Network without a DHCP Server	20
Manually Assigning Network Parameters	21
Configuring the Network Settings on the Administrative System	22
SmartWizard Discovery Utilities	22
Password Change	23
Firmware Upgrade	23
Exit	24
Understanding the User Interfaces	25
Using the Web Interface	25
Navigation Tabs	27
Configuration and Monitoring Options	28
Device View	29
Help Page Access	30
User-Defined Fields	30
Using SNMP	30
Common Parameter Values	31
Interface Naming Convention	32
Chapter 2 Configuring System Information	33
System Information	33
Defining System Information	35
Network Connectivity	35
Time	37
Time Configuration	38
SNTP Global Status	40
SNTP Server Configuration	42
SNTP Server Status	43
Denial of Service	45
Green Ethernet Configuration	47
SNMP V1/V2	48
Community Configuration	49
Trap Configuration	51
Trap Flags	52
SNMP v3 User Configuration	53
LLDP	55
LLDP Configuration	55
LLDP Port Settings	56
Local Information	59
Neighbors Information	62
Chapter 3 Configuring Switching Information	65
Configuring and Viewing Device Port Information	65
Port Configuration	65
Flow Control	68
Creating LAGs	69
LAG Configuration	69
LAG Membership	71
LACP Configuration	72
LACP Port Configuration	73
Managing VLANs	74
VLAN Configuration	74
VLAN Membership Configuration	76
Port VLAN ID Configuration	78
Configuring Spanning Tree Protocol	80
STP Switch Configuration/Status	81
CST Configuration	83
CST Port Configuration	85
CST Port Status	87
Rapid STP Configuration	88
MST Configuration	90
MST Port Configuration	91
STP Statistics	95
Configuring IGMP Snooping	96
Global Configuration	96
IGMP Snooping Interface Configuration	98
Viewing Multicast Forwarding Database Information	99
IGMP Snooping Table	100
MFDB Table	101
MFDB Statistics	103
IGMP Snooping VLAN Configuration	104
Configuring IGMP Snooping Queriers	106
IGMP Snooping Querier Configuration	107
IGMP Snooping Querier VLAN Configuration	108
IGMP Snooping Querier VLAN Status	109
Searching and Configuring the Forwarding Database	111
Searching the MAC Address Table	111
Dynamic Address Configuration	113
MAC Address Table	114
Static MAC Address	116
Chapter 4 Configuring Quality of Service	119
Configuring Class of Service	119
Basic CoS Configuration	120
CoS Interface Configuration	121
Interface Queue Configuration	123
802.1p to Queue Mapping	124
DSCP to Queue Mapping	125
Chapter 5 Managing Device Security	127
Management Security Settings	127
Change Password	128
RADIUS Configuration	129
Global Configuration	129
Server Configuration	131
Accounting Server Configuration	133
Configuring TACACS+	136
TACACS+ Configuration	136
Server Configuration	137
Authentication List Configuration	139
Configuring Management Access	141
HTTP Configuration	141
Secure HTTP Configuration	142
Certificate Download	144
Access Profile Configuration	145
Access Rule Configuration	147
Port Authentication	148
802.1X Configuration	149
Port Authentication	150
Port Summary	154
Traffic Control	156
MAC Filter Configuration	156
MAC Filter Summary	158
Storm Control	159
Port Security Configuration	160
Port Security Interface Configuration	161
Security MAC Address	163
Protected Ports Membership	164
Configuring Access Control Lists	165
MAC ACL	166
MAC Rules	168
MAC Binding Configuration	170
MAC Binding Table	171
IP ACL	173
IP Rules	174
IP Extended Rule	176
IP Binding Configuration	180
IP Binding Table	182
Chapter 6 Monitoring the System	183
Switch Statistics	183
Viewing Port Statistics	186
Port Statistics	186
Port Detailed Statistics	187
EAP Statistics	194
Managing Logs	196
Memory Logs	196
FLASH Log Configuration	198
Server Log Configuration	201
Trap Logs	203
Event Logs	204
Configuring Port Mirroring	205
Multiple Port Mirroring	205
Chapter 7 Maintenance	207
Reset	207
Rebooting the Switch	207
Reset Configuration to Defaults	208
Upload File From Switch	209
Uploading Files	211
Download File To Switch	211
TFTP File Download	212
Downloading a File to the Switch	214
HTTP File Download	214
File Management	216
Dual Image Configuration	216
Viewing the Dual Image Status	218
Troubleshooting	219
Ping	219
TraceRoute	220
Appendix A Hardware Specifications and Default Values	223
GS7xxT Gigabit Smart Switch Specifications	223
GS7xxTR Gigabit Smart Switch Features and Defaults	224
Appendix B Configuration Examples	227
Virtual Local Area Networks (VLANs)	227
VLAN Example Configuration	228
Access Control Lists (ACLs)	230
MAC ACL Example Configuration	231
Standard IP ACL Example Configuration	232
802.1X	234
802.1X Example Configuration	236
MSTP	237
MSTP Example Configuration	239

Match case Limit results 1 per page

GS716Tv2 and GS724Tv3 Software Administration Manual

5-50

Managing Device Security

v1.0, July 2009

IP Extended Rule

Use the IP Extended Rules

page to define rules for IP-based extended ACLs. The access list

definition includes rules that specify whether traffic matching the criteria is forwarded normally or

discarded.

To display the IP extended Rules page:

Action

Selects the ACL forwarding action, which is one of the following:

•

Permit — Forwards packets which meet the ACL criteria.

•

Deny — Drops packets which meet the ACL criteria.

Assign Queue ID

Specifies the hardware egress queue identifier used to handle all

packets matching this ACL rule. Enter an identifying number from 0–3 in

the appropriate field.

Match Every

Requires a packet to match the criteria of this ACL. Select True or False

from the drop down menu. Match Every is exclusive to the other filtering

rules, so if Match Every is True, the other rules on the screen are not

available.

Source IP Address

Requires a packet’s source port IP address to match the address listed

here. Enter an IP Address in the appropriate field using dotted-decimal

notation. The address you enter is compared to a packet's source IP

Address.

Source IP Mask

Specifies the source IP address wildcard mask. Wild card masks

determines which bits are used and which bits are ignored. A wild card

mask of 255.255.255.255 indicates that no bit is important. A wildcard of

0.0.0.0 indicates that all of the bits are important. Wildcard masking for

ACLs operates differently from a subnet mask. A wildcard mask is in

essence the inverse of a subnet mask. With a subnet mask, the mask

has ones (1's) in the bit positions that are used for the network address,

and has zeros (0's) for the bit positions that are not used. In contrast, a

wildcard mask has (0’s) in a bit position that must be checked. A ‘1’ in a

bit position of the ACL mask indicates the corresponding bit can be

ignored. This field is required when you configure a source IP address.

Note:

There is an implicit “deny all” rule at the end of an ACL list. This means that if an

ACL is applied to a packet and if none of the explicit rules match, then the final

implicit “deny all” rule applies and the packet is dropped.

Table

5-35. IP ACL Rule Configuration Fields (continued)

Field

Description