Home » Netgear Manuals » Hubs & Switches » Netgear GS516TP » Manual Viewer

Netgear GS516TP Software Administration Manual - Page 144

IPv6 ACL, To add an IPv6 ACL

Add to My Manuals
Save this manual to your list of manuals

Page 144 highlights

GS516TP Gigabit Smart Switches • Source L4 Port Number: If the source L4 keyword is Other, enter a user-defined Port ID by which packets are matched to the rule. • Destination IP Address. Requires a packet's destination port IP address to match the address listed here. Enter an IP address using dotted-decimal notation. The address you enter is compared to a packet's destination IP address. • Destination IP Mask. Specifies the destination IP address wildcard mask. Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type 0.0.0.255 in the Source IP Mask field. This field is required when you configure a source IP address. • Destination L4 Port. Requires a packet's TCP/UDP destination port to match the port listed here. Complete one of the following fields: • Destination L4 Keyword: Select the desired L4 keyword from the list of destination ports on which the rule can be based. • Destination L4 Port Number: If the destination L4 keyword is Other, enter a user-defined port ID by which packets are matched to the rule. • Service Type. Select one of the Service Type match conditions for the extended IP ACL rule. The possible values are IP DSCP, IP precedence, and IP ToS, which are alternative ways of specifying a match criterion for the same Service Type field in the IP header; however, each uses a different user notation. After you select the service type, specify the value associated with the type. • IP DSCP: Specify the IP DiffServ Code Point (DSCP) value. The DSCP is defined as the high-order 6 bits of the service type octet in the IP header. Select an IP DSCP value from the list. To specify a numeric value in the available field, select Other from the list and type an integer from 0 to 63 in the field. 4. Click ADD. To modify an existing IP Extended ACL rule, click in the Rule ID field. The number is a hyperlink to the Extended ACL Rule Configuration screen.  If you modify the rule, click APPLY to submit the changes to the switch. IPv6 ACL An IPv6 ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (permit or deny) is taken, and the additional rules are not checked for a match. On this screen, the interfaces to which an IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic.  To add an IPv6 ACL: 1. Select Security > ACL, then click the Advanced  IPv6 ACL link. 2. In the IPv6 ACL field, configure the name of IPv6 ACL. 144

Section	Page
GS516TP Gigabit Smart Switches	1
Contents	3
1. Getting Started	9
Getting Started with the NETGEAR Switch	10
Switch Management Interface	11
Connect the Switch to the Network	12
Discover a Switch in a Network with a DHCP Server	13
Switch Discovery in a Network Without a DHCP Server	15
Configure the Network Settings on the Administrative System	17
Access the Management Interface from the Web	19
Understand the User Interface	19
Use SNMP	24
Interface Naming Convention	25
2. Configuring System Information	26
Management	27
System Information	27
IP Configuration	28
IPv6 Network Configuration	29
IPv6 Network Neighbors	30
Time	31
DNS	34
Green Ethernet Configuration	35
PoE	39
PoE Global Configuration	41
PoE Port Configuration	41
PoE PD Port Status	42
Timer Global Configuration	43
SNMP	44
SNMP v1/v2	44
Trap Flags	45
SNMP Supported MIBs	46
SNMP v3 User Configuration	46
LLDP	47
LLDP Configuration	47
LLDP Port Settings	48
LLDP-MED Network Policy	49
LLDP-MED Port Settings	49
Local Information	50
Neighbors Information	51
Services—DHCP Snooping	55
DHCP Snooping Global Configuration	55
DHCP Snooping Interface Configuration	55
DHCP Snooping Binding Configuration	56
DHCP Snooping Persistent Configuration	57
3. Configuring Switching Information	58
Ports	59
Global Configuration	59
Port Configuration	59
Link Aggregation Groups	61
LAG Configuration	61
LAG Membership	62
LACP Configuration	63
LACP Port Configuration	63
VLANs	64
VLAN Configuration	64
VLAN Membership Configuration	65
Port VLAN ID Configuration	66
Voice VLAN	67
Voice VLAN Properties	67
Voice VLAN Port Setting	67
Voice VLAN OUI	68
Auto-VoIP Configuration	69
Spanning Tree Protocol	70
STP Configuration	70
CST Configuration	72
CST Port Configuration	73
CST Port Status	74
Rapid STP	75
MST Configuration	75
MST Port Configuration	76
Multicast	79
MFDB	79
Auto-Video Configuration	80
IGMP Snooping	81
IGMP Snooping Querier	84
MLD Snooping	86
Static Multicast Address	88
Forwarding Database	91
Address Table	91
Dynamic Address Configuration	92
Static MAC Address	92
4. Configuring Routing	93
Configure IP Settings	94
Configure VLAN Routing	95
VLAN Routing Wizard	95
Configure VLAN Routing	96
Configure and View Routes	97
Configure ARP	99
ARP Cache	100
ARP Entry Configuration	100
Global ARP Configuration	101
ARP Entry Management	102
5. Configure Quality of Service	103
Class of Service	104
Basic CoS Configuration	104
CoS Interface Configuration	105
Queue Configuration	105
802.1p to Queue Mapping	106
DSCP to Queue Mapping	107
Differentiated Services	108
Defining DiffServ	108
Diffserv Configuration	109
DSCP Violate Action Mapping	109
Class Configuration	110
IPv6 Class Configuration	111
Policy Configuration	112
Service Configuration	114
Service Statistics	114
6. Managing Device Security	116
Management Security Settings	117
Change Password	117
Configure RADIUS Settings	117
Configure TACACS+	120
Authentication List Configuration	121
Configure Management Access	124
HTTP Configuration	124
Secure HTTP Configuration	124
Certificate Management	125
Access Control	125
Port Authentication	127
802.1x Configuration	127
Port Authentication	128
Port Summary	130
Traffic Control	132
Storm Control	132
Port Security Interface Configuration	133
Security MAC Address	133
Protected Ports	134
Configure Access Control Lists	135
ACL Wizard	135
MAC ACL	138
MAC Rules	138
MAC Binding Configuration	139
MAC Binding Table	140
IP ACL	141
IP Rules	141
IP Extended Rules	142
IPv6 ACL	144
IPv6 Rules	145
IP Binding Configuration	146
IP Binding Table	147
7. Monitoring the System	148
Ports	149
Switch Statistics	149
Port Statistics	150
Port Detailed Statistics	151
EAP Statistics	154
Cable Test	155
Logs	157
Buffered Logs	157
Server Log	158
Trap Logs	159
Mirroring	160
System Resources Utilization	161
8. Maintenance	162
Reset	163
Device Reboot	163
Factory Default	163
Upload a File from the Switch	164
TFTP File Upload	164
HTTP File Upload	165
Download a File to the Switch	166
TFTP File Download	166
HTTP File Download	167
File Management	169
Dual Image Configuration	169
Dual Image Status	169
Troubleshooting	171
Ping	171
Ping IPv6	172
Traceroute	172
Remote Diagnostics	173
9. Help	174
Online Help	175
Support	175
User Guide	175
Registration	176
A. Hardware Specifications and Default Values	178
Switch Features and Defaults	179
B. Configuration Examples	182
Virtual Local Area Networks (VLANs)	183
Sample VLAN Configuration	184
Access Control Lists (ACLs)	185
Sample MAC ACL Configuration	185
Sample Standard IP ACL Configuration	186
Differentiated Services (DiffServ)	188
Class	188
DiffServ Traffic Classes	189
Create Policies	189
Sample DiffServ Configuration	190
802.1x	193
Sample 802.1x Configuration	194
MSTP	196
Sample MSTP Configuration	197
Configure VLAN Routing with Static Route	200
VLAN Routing Overview	200
Sample VLAN Routing Configuration	200
C. Notification of Compliance	201

Match case Limit results 1 per page

144

GS516TP Gigabit Smart Switches

•

Source L4 Port Number

: If the source L4 keyword is Other, enter a user-defined

Port ID by which packets are matched to the rule.

•

Destination IP Address

. Requires a packet’s destination port IP address to match

the address listed here. Enter an IP address using dotted-decimal notation. The

address you enter is compared to a packet's destination IP address.

•

Destination IP Mask

. Specifies the destination IP address wildcard mask. Wildcard

masks determine which bits are used and which bits are ignored. A wildcard mask of

255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that

all of the bits are important. Wildcard masking for ACLs operates differently from a

subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For

example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type

0.0.0.255 in the Source IP Mask field. This field is required when you configure a

source IP address.

•

Destination L4 Port

. Requires a packet’s TCP/UDP destination port to match the

port listed here. Complete one of the following fields:

•

Destination L4 Keyword

: Select the desired L4 keyword from the list of

destination ports on which the rule can be based.

•

Destination L4 Port Number

: If the destination L4 keyword is Other, enter a

user-defined port ID by which packets are matched to the rule.

•

Service Type

. Select one of the Service Type match conditions for the extended IP

ACL rule. The possible values are IP DSCP, IP precedence, and IP ToS, which are

alternative ways of specifying a match criterion for the same Service Type field in the

IP header; however, each uses a different user notation. After you select the service

type, specify the value associated with the type.

•

IP DSCP: Specify the IP DiffServ Code Point (DSCP) value. The DSCP is defined

as the high-order 6 bits of the service type octet in the IP header. Select an IP

DSCP value from the list. To specify a numeric value in the available field, select

Other from the list and type an integer from 0 to 63 in the field.

Click

ADD

To modify an existing IP Extended ACL rule, click in the Rule ID field. The number is a

hyperlink to the Extended ACL Rule Configuration screen.

If you modify the rule, click

APPLY

to submit the changes to the switch.

IPv6 ACL

An IPv6 ACL consists of a set of rules that are matched sequentially against a packet. When

a packet meets the match criteria of a rule, the specified rule action (permit or deny) is taken,

and the additional rules are not checked for a match. On this screen, the interfaces to which

an IP ACL applies must be specified, as well as whether it applies to inbound or outbound

traffic.



To add an IPv6 ACL:

Select

Security > ACL

, then click the

Advanced



IPv6 ACL

link.

In the IPv6 ACL field, configure the name of IPv6 ACL.