Home » Netgear Manuals » Hubs & Switches » Netgear GS724Tv4 » Manual Viewer

Netgear GS724Tv4 Software Administration Manual - Page 223

Source Prefix/Prefix Length, Destination Prefix/Prefix Length

Add to My Manuals
Save this manual to your list of manuals

Page 223 highlights

GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches • Mirror Interface. Specifies the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a Permit action. • Redirect Interface. Specifies the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. This field cannot be set if a Mirror Interface is already configured for the ACL rule. This field is visible for a Permit Action. • Match Every. Select true or false from the pull down menu. True signifies that all packets will match the selected IPv6 ACL and Rule and will be either permitted or denied. In this case, since all packets match the rule, the option of configuring other match criteria will not be offered. To configure specific match criteria for the rule, remove the rule and recreate it, or reconfigure Match Every to False for the other match criteria to be visible. • Protocol. There are two ways to configure IPv6 protocol: - Specify an integer ranging from 0 to 255 after selecting protocol keyword "other". This number represents the IPv6 protocol. - Select name of a protocol from the existing list of IPv6, ICMPv6, TCP, and UDP. • Source Prefix/Prefix Length. Specify IPv6 Prefix combined with IPv6 Prefix length of the network or host from which the packet is being sent. Prefix length can be in the range (0 to 128). • Source L4 Port. Specify a packet's source layer 4 port as a match condition for the selected IPv6 ACL rule. Source port information is optional. Source port information can be specified in two ways: - Select keyword "other" from the drop-down menu and specify the number of the port in the range from 0 to 65535. - Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range. • Destination Prefix/Prefix Length. Enter up to 128-bit prefix combined with prefix length to be compared to a packet's destination IP Address as a match criteria for the selected IPv6 ACL rule. Prefix length can be in the range (0 to 128). • Destination L4 Port. Specify a packet's destination layer 4 port as a match condition for the selected IPv6 ACL rule. Destination port information is optional. Destination port information can be specified in two ways: - Select keyword "other" from the drop-down menu and specify the number of the port in the range from 0 to 65535. - Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range. • Flow Label. Flow label is 20-bit number that is unique to an IPv6 packet, used by end stations to signify quality-of-service handling in routers. Flow label can be specified within the range (0 to 1048575). Managing Device Security 223

Section	Page
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches	1
Contents	3
1. Getting Started	9
Getting Started with the NETGEAR Switch	10
Switch Management Interface	11
Connect the Switch to the Network	12
Discover a Switch in a Network with a DHCP Server	13
Discover a Switch in a Network without a DHCP Server	15
Configure the Network Settings on the Administrative System	16
Access the Management Interface from a Web Browser	19
Understand the User Interfaces	19
Use the Web Interface	19
Use SNMPv3	26
Interface Naming Convention	27
Configuring Interface Settings	28
Online Help	33
Support	33
User Guide	33
Registration	34
2. Configure System Information	35
Management	36
System Information	36
IP Configuration	37
IPv6 Network Configuration	39
IPv6 Network Neighbor	40
Time	41
Denial of Service	46
DNS	48
Green Ethernet	50
License	55
SNMP	56
Configure the SNMPv1/v2 Community	56
LLDP	59
LLDP Configuration	60
LLDP Port Settings	61
LLDP-MED Network Policy	62
LLDP-MED Port Settings	63
Local Information	63
Neighbors Information	66
Services	70
DHCP Snooping	70
Statistics	74
Dynamic ARP Inspection	75
3. Configuring Switching	80
Ports	81
Port Configuration	81
Flow Control	82
Link Aggregation Groups	83
LAG Configuration	83
LAG Membership	85
LACP Configuration	86
LACP Port Configuration	86
VLANs	87
Basic VLAN Configuration	88
VLAN Membership Configuration	89
VLAN Status	90
Port VLAN ID Configuration	91
MAC-Based VLAN	92
Protocol-Based VLAN Group Configuration	93
Protocol-Based VLAN Group Membership	94
Voice VLAN	94
Auto-VoIP Configuration	95
Configure Protocol-Based Auto VoIP Settings	95
OUI-Based Properties	96
Port Settings	96
OUI Table	97
Spanning Tree Protocol	98
STP Configuration	99
CST Configuration	100
CST Port Configuration	101
CST Port Status	102
Rapid STP	103
MST Configuration	104
MST Port Configuration	105
STP Statistics	107
Multicast	108
MFDB Table	108
MFDB Statistics	109
Auto-Video	110
IGMP Snooping	110
IGMP Snooping Querier	115
MLD Snooping	117
MVR Configuration	123
MVR Configuration	124
MVR Group Configuration	125
MVR Interface Configuration	126
MVR Group Membership	126
MVR Statistics	127
Address Table	128
MAC Address Table	128
Dynamic Address Configuration	129
Static MAC Address	130
Multiple Registration Protocol Configuration	131
MRP Configuration	133
MRP Port Settings	134
MMRP Statistics	135
MVRP Statistics	136
MSRP Statistics	137
MSRP Reservation Parameters	138
Qav Parameters	139
MSRP Streams Information	140
802.1AS	142
802.1AS Configuration	142
802.1AS Port Settings	143
802.1AS Statistics	145
4. Configuring Routing	147
Configure IP Settings	148
IP Configuration	148
IP Statistics	149
Configure VLAN Routing	152
VLAN Routing Wizard	152
VLAN Routing Configuration	153
Configure Router Discovery	154
Configure and View Routes	155
Configure ARP	157
ARP Cache	158
Create a Static ARP Entry	159
Configure Global ARP Settings	159
Remove an ARP Entry From the ARP Cache	160
5. Configuring Quality of Service	161
Class of Service	162
CoS Configuration	162
CoS Interface Configuration	164
Interface Queue Configuration	165
802.1p to Queue Mapping	166
DSCP to Queue Mapping	166
Differentiated Services	167
Defining DiffServ	167
Diffserv Configuration	168
Class Configuration	169
IPv6 Class Configuration	172
Policy Configuration	173
Service Configuration	176
Service Statistics	176
6. Managing Device Security	177
Management Security Settings	178
Change Password	178
RADIUS Configuration	179
Configure TACACS+	183
Authentication List Configuration	185
Configuring Management Access	188
HTTP Configuration	188
Secure HTTP Configuration	189
Certificate Management	190
Certificate Download	190
Access Control	192
Port Authentication	194
802.1X Configuration	194
Port Authentication	195
Port Summary	198
Client Summary	199
Traffic Control	200
MAC Filter Configuration	200
MAC Filter Summary	201
Storm Control	202
Port Security Configuration	203
Port Security Interface Configuration	203
Security MAC Address	204
Protected Ports Membership	205
Configure Access Control Lists	206
ACL Wizard	207
MAC ACL	210
MAC Rules	211
MAC Binding Configuration	213
MAC Binding Table	214
IP ACL	215
IP Rules	216
IP Extended Rules	218
IPv6 ACL	221
IPv6 Rules	222
IP Binding Configuration	224
IP Binding Table	225
VLAN Binding Table	225
7. Monitoring the System	227
Ports	227
Switch Statistics	228
Port Statistics	230
Port Detailed Statistics	231
EAP Statistics	237
Cable Test	238
Logs	239
Memory Logs	240
Server Log	242
Trap Logs	244
Event Logs	245
Mirroring	245
8. Maintenance	247
Reset	247
Device Reboot	247
Factory Default	248
Upload	248
TFTP File Upload	249
HTTP File Upload	250
Download	251
TFTP File Download	251
HTTP File Download	253
File Management	254
Copy	254
Dual Image Configuration	255
Dual Image Status	256
9. Troubleshooting	257
Troubleshooting Configuration Menu	257
Ping	257
Ping IPv6	258
TraceRoute IPv4	259
TraceRoute IPv6	260
Troubleshooting Chart	261
A. Configuration Examples	262
Virtual Local Area Network Configuration Example	263
Access Control Lists (ACLs)	266
MAC ACL Configuration Example	266
Standard IP ACL Configuration Example	268
Differentiated Services	269
Class	269
DiffServ Traffic Classes	270
Creating Policies	270
DiffServ Configuration Example	272
802.1X Configuration Example	273
MSTP	276
MSTP Configuration Example	278
VLAN Routing Interface Configuration Example	280
B. Hardware Specifications and Default Values	282
Switch Specifications	282
Switch Features and Defaults	283

Match case Limit results 1 per page

Managing Device Security

223

GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches

•

Mirror Interface

. Specifies the specific egress interface where the matching traffic

stream is copied in addition to being forwarded normally by the device. This field

cannot be set if a Redirect Interface is already configured for the ACL rule. This field

is visible for a Permit action.

•

Redirect Interface

. Specifies the specific egress interface where the matching traffic

stream is forced, bypassing any forwarding decision normally performed by the

device. This field cannot be set if a Mirror Interface is already configured for the ACL

rule. This field is visible for a Permit Action.

•

Match Every

. Select true or false from the pull down menu. True signifies that all

packets will match the selected IPv6 ACL and Rule and will be either permitted or

denied. In this case, since all packets match the rule, the option of configuring other

match criteria will not be offered. To configure specific match criteria for the rule,

remove the rule and recreate it, or reconfigure Match Every to False for the other

match criteria to be visible.

•

Protocol

. There are two ways to configure IPv6 protocol:

Specify an integer ranging from 0 to 255 after selecting protocol keyword “other”.

This number represents the IPv6 protocol.

Select name of a protocol from the existing list of IPv6, ICMPv6, TCP, and UDP.

•

Source Prefix/Prefix Length

. Specify IPv6 Prefix combined with IPv6 Prefix length of

the network or host from which the packet is being sent. Prefix length can be in the

range (0 to 128).

•

Source L4 Port

. Specify a packet’s source layer 4 port as a match condition for the

selected IPv6 ACL rule. Source port information is optional. Source port information

can be specified in two ways:

Select keyword “other” from the drop-down menu and specify the number of the

port in the range from 0 to 65535.

Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP,

SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its

equivalent port number, which is used as both the start and end of the port range.

•

Destination Prefix/Prefix Length

. Enter up to 128-bit prefix combined with prefix

length to be compared to a packet’s destination IP Address as a match criteria for the

selected IPv6 ACL rule. Prefix length can be in the range (0 to 128).

•

Destination L4 Port

. Specify a packet’s destination layer 4 port as a match condition

for the selected IPv6 ACL rule. Destination port information is optional. Destination

port information can be specified in two ways:

Select keyword “other” from the drop-down menu and specify the number of the

port in the range from 0 to 65535.

Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP,

SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its

equivalent port number, which is used as both the start and end of the port range.

•

Flow Label

. Flow label is 20-bit number that is unique to an IPv6 packet, used by end

stations to signify quality-of-service handling in routers. Flow label can be specified

within the range (0 to 1048575).