Netgear GS516TP Software Administration Manual - Page 144
IPv6 ACL, To add an IPv6 ACL
View all Netgear GS516TP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 144 highlights
GS516TP Gigabit Smart Switches • Source L4 Port Number: If the source L4 keyword is Other, enter a user-defined Port ID by which packets are matched to the rule. • Destination IP Address. Requires a packet's destination port IP address to match the address listed here. Enter an IP address using dotted-decimal notation. The address you enter is compared to a packet's destination IP address. • Destination IP Mask. Specifies the destination IP address wildcard mask. Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address. • Destination L4 Port. Requires a packet's TCP/UDP destination port to match the port listed here. Complete one of the following fields: • Destination L4 Keyword: Select the desired L4 keyword from the list of destination ports on which the rule can be based. • Destination L4 Port Number: If the destination L4 keyword is Other, enter a user-defined port ID by which packets are matched to the rule. • Service Type. Select one of the Service Type match conditions for the extended IP ACL rule. The possible values are IP DSCP, IP precedence, and IP ToS, which are alternative ways of specifying a match criterion for the same Service Type field in the IP header; however, each uses a different user notation. After you select the service type, specify the value associated with the type. • IP DSCP: Specify the IP DiffServ Code Point (DSCP) value. The DSCP is defined as the high-order 6 bits of the service type octet in the IP header. Select an IP DSCP value from the list. To specify a numeric value in the available field, select Other from the list and type an integer from 0 to 63 in the field. 4. Click ADD. To modify an existing IP Extended ACL rule, click in the Rule ID field. The number is a hyperlink to the Extended ACL Rule Configuration screen. If you modify the rule, click APPLY to submit the changes to the switch. IPv6 ACL An IPv6 ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (permit or deny) is taken, and the additional rules are not checked for a match. On this screen, the interfaces to which an IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. To add an IPv6 ACL: 1. Select Security > ACL, then click the Advanced IPv6 ACL link. 2. In the IPv6 ACL field, configure the name of IPv6 ACL. 144