Netgear XSM4324FS User Manual - Page 617
Redirect Interface, Match Every
M4300 Intelligent Edge Series Fully Managed Stackable Switches

• Action. Specify what action is taken if a packet matches the rule's criteria. The choice is Permit or Deny.

• Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the access list trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a Deny action.

• Egress Queue. The hardware egress queue identifier used to handle all packets matching this IP ACL rule. Valid range of queue IDs is 0 to 6. This field is visible when Permit is chosen as the action.

• Interface. For a Permit action, use either a mirror interface or a redirect interface:
  - Select the Mirror Interface radio button and use the menu to specify the egress interface to which the matching traffic stream is copied, in addition to being forwarded normally by the device.
  - Select the Redirect Interface radio button and use the menu to specify the egress interface to which the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device.

• Match Every. From the menu, select True or False. True signifies that all packets must match the selected IP ACL and rule and are either permitted or denied. In this case, because all packets match the rule, the option of configuring other match criteria is not available. To configure specific match criteria for the rule, remove the rule and recreate it, or select False from the Match Every menu.

• Protocol Type. From the menu, select a protocol that a packet's IP protocol must be matched against: ICMP, IGMP, IP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF, or PIM.

• TCP Flag. For each TCP flag, specify whether or not a packet's TCP flag must be matched. The TCP flag values are URG, ACK, PSH, RST, SYN, and FIN. You can set each TCP flag separately to one of the following options:
  - Ignore. The packet's TCP flag is ignored. This is the default setting.
  - Set (+). A packet matches this ACL rule if the TCP flag in this packet is set.
  - Clear (-). A packet matches this ACL rule if the TCP flag in this packet is not set.
  Note: If the RST and ACK flags are set, the option Established is available, indicating that a match occurs if either the RST- or ACK-specified bits are set in the packet's header.

• Src. In the Src field, enter a source IP address, using dotted-decimal notation, to be compared to a packet's source IP address as a match criterion for the selected IP ACL rule:
  - If you select the IP Address radio button, enter an IP address with a relevant wildcard mask to apply this criterion. If this field is left empty, it means any.

Manage Switch Security 617 User Manual
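The following Python model is an added example, not code from the manual or from Netgear. It shows how the Match Every, Protocol Type, TCP Flag (Ignore / Set / Clear / Established), and Src wildcard-mask fields described above combine when a rule is tested against a packet. The rule and packet dictionaries, the first-match-wins evaluation order, and the wildcard convention (1-bits ignored) are assumptions for illustration.

```python
import ipaddress

# TCP header flag bits (RFC 9293).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def src_matches(addr, src):
    """src is None (field left empty = any) or a (base, wildcard) pair.
    Assumed convention: wildcard 1-bits are ignored, 0-bits must equal base."""
    if src is None:
        return True
    a, base, wild = (int(ipaddress.IPv4Address(x)) for x in (addr, *src))
    care = ~wild & 0xFFFFFFFF
    return (a & care) == (base & care)

def flags_match(pkt_flags, spec):
    """spec maps flag name -> '+' (Set) or '-' (Clear); a missing flag is Ignore."""
    return all((want == "+") == bool(pkt_flags & TCP_FLAGS[name])
               for name, want in spec.items())

def rule_matches(rule, pkt):
    if rule.get("match_every"):          # Match Every = True: no other criteria apply
        return True
    if rule.get("protocol") not in (None, pkt["protocol"]):
        return False
    if not src_matches(pkt["src"], rule.get("src")):
        return False
    if rule.get("established"):          # either RST or ACK set, per the note
        return bool(pkt.get("flags", 0) & (TCP_FLAGS["RST"] | TCP_FLAGS["ACK"]))
    return flags_match(pkt.get("flags", 0), rule.get("tcp_flags", {}))

def evaluate(rules, pkt):
    """Return the action of the first matching rule, or None if none match."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return None

# Constructed sample ACL and packets (not from the manual).
ACL = [
    {"action": "Permit", "protocol": "TCP", "src": ("192.168.10.0", "0.0.0.255"),
     "established": True},
    {"action": "Deny", "protocol": "TCP", "tcp_flags": {"SYN": "+", "ACK": "-"}},
    {"action": "Permit", "match_every": True},
]
SYN = {"protocol": "TCP", "src": "192.168.10.77", "flags": 0x02}
SYN_ACK = {"protocol": "TCP", "src": "192.168.10.77", "flags": 0x12}
OTHER_NET_ACK = {"protocol": "TCP", "src": "10.0.0.5", "flags": 0x10}
UDP = {"protocol": "UDP", "src": "10.0.0.5"}
```

Running `evaluate(ACL, SYN)` shows why rule order matters: a bare SYN fails the Established rule and falls through to the SYN-set/ACK-clear Deny, while a Match Every rule placed last catches everything else.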