Netgear GS516TP Software Administration Manual - Page 143

Source IP Mask, Source IP Address

Page 143 highlights

GS516TP Gigabit Smart Switches

Note: There is an implicit "deny all" rule at the end of an ACL list. This rule means that if an ACL is applied to a packet and if none of the explicit rules match, the final implicit "deny all" rule applies and the packet is dropped.

To configure rules for an IP ACL:

1. Click Security > ACL > Advanced > IP Extended Rules.
2. Select the ACL ID to add the rule to, and select the check box in the Extended ACL Rule table.
3. Configure the fields for the new rule.
   • Rule ID. Specify a number from 1 to 10 to identify the IP ACL rule. You can create up to ten rules for each ACL.
   • Action. Select an ACL forwarding action:
      • Permit. Forwards packets which meet the ACL criteria.
      • Deny. Drops packets which meet the ACL criteria.
   • Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the access list trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is 0 for the current interval. This field is available for a deny action.
   • Match Every. Requires a packet to match the criteria of this ACL. Select Enable or Disable. Match Every is exclusive to the other filtering rules, so if Match Every is enabled, the other rules on the screen are not available.
   • Protocol Type. Requires a packet's protocol to match the protocol listed here. Select a type from the drop-down list, or enter the protocol number in the available field.
   • Source IP Address. Requires a packet's source IP address to match the address listed here. Enter an IP address using dotted-decimal notation. The address you enter is compared to a packet's source IP address.
   • Source IP Mask. Specifies the source IP address wildcard mask. Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address.
   • Source L4 Port. Requires a packet's TCP/UDP source port to match the port listed here. Complete one of the following fields:
      • Source L4 Keyword: Select the desired L4 keyword from the list of source ports on which the rule can be based.
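The following Python sketch is an added example, not part of the NETGEAR manual or the switch firmware. It models the wildcard-mask comparison and the implicit "deny all" described above, and shows what happens when a subnet mask is typed into the Source IP Mask field by mistake. It assumes rules are evaluated in Rule ID order with the first match deciding; the function names and both sample ACLs are constructed for illustration.

```python
import ipaddress

def ip_int(addr):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_src, rule_addr, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(packet_src) & care) == (ip_int(rule_addr) & care)

def evaluate(acl, packet_src):
    """Return (action, rule_id) for a packet's source address.

    Assumption: rules are checked in Rule ID order, first match wins.
    If no explicit rule matches, the implicit "deny all" applies.
    """
    for rule_id, action, addr, wildcard in sorted(acl):
        if wildcard_match(packet_src, addr, wildcard):
            return action, rule_id
    return "deny", None  # implicit "deny all"

def looks_like_subnet_mask(mask):
    """True if the mask is contiguous 1-bits from the left (a subnet mask),
    which usually means it was entered in the wildcard field by mistake.
    0.0.0.0 and 255.255.255.255 are valid wildcards and are not flagged."""
    m = ip_int(mask)
    inv = ~m & 0xFFFFFFFF
    return m not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0

# Constructed sample ACLs: (rule_id, action, source_ip, source_ip_mask)
GOOD_ACL = [(1, "permit", "192.168.1.0", "0.0.0.255")]      # intended /24
BAD_ACL = [(1, "permit", "192.168.1.0", "255.255.255.0")]   # subnet mask typo

def audit(acl):
    """Return the rule IDs whose mask looks like a subnet mask."""
    return [rid for rid, _, _, mask in acl if looks_like_subnet_mask(mask)]

if __name__ == "__main__":
    for name, acl in (("good", GOOD_ACL), ("bad", BAD_ACL)):
        print(name, "suspect rules:", audit(acl))
        for src in ("192.168.1.77", "192.168.2.5", "10.9.8.0"):
            print("  ", src, "->", evaluate(acl, src))
```

With the mistyped mask, only the last octet is compared, so the rule stops matching the intended subnet and instead permits any source address ending in .0.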

