Home » Netgear Manuals » Hubs & Switches » Netgear FS728TPv2 » Manual Viewer

Netgear FS728TPv2 FS728TP Software Administration Manual - Page 182

IP Extended Rule, Source IP Address, Source IP Mask, Delete, Apply, Cancel, Security, Advanced

Add to My Manuals
Save this manual to your list of manuals

Page 182 highlights

FS728TP Smart Switch Software Administration Manual • Source IP Address. Requires a packet's source IP address to match the address listed here. Type an IP Address in the appropriate field using dotted-decimal notation. The address you enter is compared to a packet's source IP Address. • Source IP Mask. Specifies the source IP address wildcard mask. Wild card masks determines which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address. 2. To delete an IP ACL rule, select the check box associated with the rule, and then click Delete. 3. To update an IP ACL rule, select the check box associated with the rule, update the desired fields, and then click Apply. You cannot modify the Rule ID of an existing IP rule. 4. Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. If you change any of the settings on the page, click Apply to send the updated configuration to the switch. Configuration changes take effect immediately. IP Extended Rule Use the IP Extended Rules page to define rules for IP-based extended ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: There is an implicit "deny all" rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit "deny all" rule applies and the packet is dropped. To display the IP extended Rules page, click Security  ACL, then click the Advanced  IP Extended Rules link. In the following figure, an extended IP ACL exists, and one rule has been configured. 182 | Chapter 5: Managing Device Security

Section	Page
FS728TP Smart Switch	1
Table of Contents	3
1. Getting Started	9
Getting Started with the FS728TP Smart Switch	10
Switch Management Interface	11
Connecting the Switch to the Network	12
Switch Discovery in a Network with a DHCP Server	13
Switch Discovery in a Network without a DHCP Server	15
Configuring the Network Settings on the Administrative System	16
Web Access	18
Smart Control Center Utilities	19
Network Utilities	19
Configuration Upload and Download	20
Firmware Upgrade	22
Viewing and Managing Tasks	24
Understanding the User Interfaces	25
Using the Web Interface	25
Using SNMP	29
Interface Naming Convention	30
2. Configuring System Information	31
Management	32
System Information	32
IP Configuration	33
Time	35
Denial of Service	40
DNS	43
Green Ethernet Configuration	46
PoE	47
PoE Configuration	47
PoE Port Configuration	48
Timer Global Configuration	50
Timer Schedule Configuration	51
SNMP	53
SNMPV1/V2	53
Trap Flags	55
SNMP v3 User Configuration	57
LLDP	58
LLDP Configuration	58
LLDP Port Settings	59
LLDP-MED Network Policy	61
LLDP-MED Port Settings	62
Local Information	63
Neighbors Information	65
Services — DHCP Filtering	70
DHCP Filtering Configuration	70
Interface Configuration	71
3. Configuring Switching Information	73
Ports	74
Port Configuration	74
Flow Control	75
Link Aggregation Groups	77
LAG Configuration	77
LAG Membership	78
LACP Configuration	80
LACP Port Configuration	81
VLANs	82
VLAN Configuration	82
VLAN Membership Configuration	83
Port VLAN ID Configuration	84
Voice VLAN	87
Voice VLAN Properties	87
Voice VLAN Port Setting	88
Voice VLAN OUI	89
Spanning Tree Protocol	91
STP Switch Configuration	91
CST Configuration	93
CST Port Configuration	95
CST Port Status	96
Rapid STP	98
MST Configuration	98
MST Port Configuration	100
STP Statistics	102
Multicast	104
IGMP Snooping	104
IGMP Snooping Querier	112
Forwarding Database	116
MAC Address Table	116
Dynamic Address Configuration	117
Static MAC Address	118
4. Configuring Quality of Service	121
Class of Service	122
Basic CoS Configuration	122
CoS Interface Configuration	123
Interface Queue Configuration	125
802.1p to Queue Mapping	126
DSCP to Queue Mapping	127
Differentiated Services	129
Defining DiffServ	129
Diffserv Configuration	130
Class Configuration	131
Policy Configuration	134
Service Configuration	137
Service Statistics	138
5. Managing Device Security	141
Management Security Settings	142
Change Password	142
RADIUS Configuration	143
Configuring TACACS+	148
Authentication List Configuration	151
Configuring Management Access	153
HTTP Configuration	153
Secure HTTP Configuration	154
Certificate Download	155
Access Profile Configuration	157
Access Rule Configuration	158
Port Authentication	160
802.1X Configuration	160
Port Authentication	161
Port Summary	165
Traffic Control	166
MAC Filter Configuration	166
MAC Filter Summary	168
Storm Control	168
Port Security Configuration	170
Port Security Interface Configuration	171
Security MAC Address	172
Protected Ports Membership	173
Configuring Access Control Lists	174
MAC ACL	174
MAC Rules	175
MAC Binding Configuration	177
MAC Binding Table	178
IP ACL	179
IP Rules	181
IP Extended Rule	182
IP Binding Configuration	185
IP Binding Table	187
6. Monitoring the System	189
Ports	190
Switch Statistics	190
Port Statistics	192
Port Detailed Statistics	193
EAP Statistics	200
Cable Test	201
System Logs	203
Memory Logs	203
FLASH Log Configuration	205
Server Log Configuration	207
Trap Logs	208
Event Logs	210
Port Mirroring	211
Multiple Port Mirroring	211
7. Maintenance	213
Reset	214
Device Reboot	214
Factory Default	214
Upload File From Switch	216
TFTP File Upload	216
HTTP File Upload	217
Download File To Switch	219
TFTP File Download	219
HTTP File Download	221
File Management	223
Dual Image Configuration	223
Dual Image Status	224
Troubleshooting	226
Ping	226
Traceroute	227
8. Help	229
Online Help	229
Support	229
User Guide	230
A. Hardware Specifications and Default Values	232
FS728TP Smart Switch Specifications	232
FS728TP Switch Features and Defaults	233
B. Configuration Examples	237
Virtual Local Area Networks (VLANs)	238
VLAN Example Configuration	239
Access Control Lists (ACLs)	240
MAC ACL Example Configuration	240
Standard IP ACL Example Configuration	242
Differentiated Services (DiffServ)	243
Class	243
DiffServ Traffic Classes	244
Creating Policies	244
DiffServ Example Configuration	245
802.1X	247
802.1X Example Configuration	248
MSTP	250
MSTP Example Configuration	251
C. Notification of Compliance	254

Match case Limit results 1 per page

182

Chapter 5:

Managing Device Security

FS728TP Smart Switch Software Administration Manual

•

Source IP Address

. Requires a packet’s source IP address to match the address

listed here. Type an IP Address in the appropriate field using dotted-decimal notation.

The address you enter is compared to a packet's source IP Address.

•

Source IP Mask

. Specifies the source IP address wildcard mask. Wild card masks

determines which bits are used and which bits are ignored. A wild card mask of

255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that

all of the bits are important. Wildcard masking for ACLs operates differently from a

subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For

example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type

0.0.0.255 in the Source IP Mask field. This field is required when you configure a

source IP address.

To delete an IP ACL rule, select the check box associated with the rule, and then click

Delete

To update an IP ACL rule, select the check box associated with the rule, update the desired

fields, and then click

Apply

. You cannot modify the Rule ID of an existing IP rule.

Click

Cancel

to cancel the configuration on the screen and reset the data on the screen to

the latest value of the switch.

If you change any of the settings on the page, click

Apply

to send the updated configuration

to the switch. Configuration changes take effect immediately.

IP Extended Rule

Use the IP Extended Rules

page to define rules for IP-based extended ACLs. The access list

definition includes rules that specify whether traffic matching the criteria is forwarded

normally or discarded.

Note:

There is an implicit “deny all” rule at the end of an ACL list. This

means that if an ACL is applied to a packet and if none of the explicit

rules match, then the final implicit “deny all” rule applies and the

packet is dropped.

To display the IP extended Rules page, click

Security



ACL

, then click the

Advanced



Extended Rules

link. In the following figure, an extended IP ACL exists, and one rule has

been configured.