Home » Netgear Manuals » Hubs & Switches » Netgear XSM4324FS » Manual Viewer

Netgear XSM4324FS User Manual - Page 617

Redirect Interface, Match Every

Add to My Manuals
Save this manual to your list of manuals

Page 617 highlights

M4300 Intelligent Edge Series Fully Managed Stackable Switches • Action. Specify what action is taken if a packet matches the rule's criteria. The choice is Permit or Deny. • Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the access list trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a Deny action. • Egress Queue. The hardware egress queue identifier used to handle all packets matching this IP ACL rule. Valid range of queue IDs is 0 to 6. This field is visible when Permit is chosen as the action. • Interface. For a Permit action, use either a mirror interface or a redirect interface: - Select the Mirror Interface radio button and use the menu to specify the egress interface to which the matching traffic stream is copied, in addition to being forwarded normally by the device. - Select the Redirect Interface radio button and use the menu to specify the egress interface to which the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. • Match Every. From the menu, select True or False. True signifies that all packets must match the selected IP ACL and rule and are either permitted or denied. In this case, because all packets match the rule, the option of configuring other match criteria is not available. To configure specific match criteria for the rule, remove the rule and recreate it, or select False from the Match Every menu. • Protocol Type. From the menu, select a protocol that a packet's IP protocol must be matched against: ICMP, IGMP, IP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF, or PIM. • TCP Flag. For each TCP flag, specify whether or not a packet's TCP flag must be matched. The TCP flag values are URG, ACK, PSH, RST, SYN, and FIN. You can set each TCP flag separately to one of the following options: - Ignore. The packet's TCP flag is ignored. This is the default setting. - Set (+). A packet matches this ACL rule if the TCP flag in this packet is set. - Clear (-). A packet matches this ACL rule if the TCP flag in this packet is not set. Note: If the RST and ACK flags are set, the option Established is available, indicating that a match occurs if either the RST- or ACK-specified bits are set in the packet's header. • Src. In the Src field, enter a source IP address, using dotted-decimal notation, to be compared to a packet's source IP address as a match criteria for the selected IP ACL rule: - If you select the IP Address radio button, enter an IP address with a relevant wildcard mask to apply this criteria. If this field is left empty, it means any. Manage Switch Security 617 User Manual

Section	Page
M4300 Intelligent Edge Series Fully Managed Stackable Switches	1
Contents	4
1 Get Started	17
Supported Switches	18
Features for Switch Model M4300-96X	19
Slot-Based Port Numbering for model M4300-96X	19
Slot Configuration for model M4300-96X	20
PoE Operation and Configuration for model M4300-96X	20
Stacking for model M4300-96X	21
Available Publications and Online Help	21
Register Your Product	22
Understanding the User Interfaces	23
Local Browser UI Overview	23
Software Requirements for Using the Local Browser UI	23
Use a Web Browser to Access the Switch and Log In	24
Access the Switch Using a Static IP Address	24
Access the Switch When You Know the IP Address	25
Local Browser UI Buttons and User-Defined Fields	25
Interface Naming Conventions	26
Slot and Port Numbering for Switch Model M4300-96X	27
Online Help	30
Local Browser UI Device View	31
Using SNMP	32
2 Configure System Information	34
Configure and Display the System and Slot Information	35
View or Define System Information	35
View the Fan Status	37
View the Temperature Sensor Information	38
View the Device Status	39
View the System CPU Status	41
Configure the CPU Thresholds	42
View and Clear Switch Statistics	43
View USB Device Information	46
Configure and View Information About Slots and Port Cards	47
Configure a Loopback Interface	50
Configure Management Interfaces	51
Configure the IPv4 Service Port	51
Configure the IPv6 Service Port	53
Management VLAN Overview	54
Configure an IPv4 Management VLAN	55
Configure an IPv6 Management VLAN	57
Configure an IPv4 Management Interface	60
Configure an IPv6 Management Interface	62
Manage the Time Settings	65
Configure the Time Setting	65
Configure the SNTP Global Settings	66
View SNTP Global Status	68
Configure an SNTP Server	70
Configure Daylight Saving Time Settings	73
View the DayLight Saving Time Status	75
Manage Precision Time Protocol	77
Manage the Global PTP Settings	77
Manage the PTP Interface Settings	78
Configure DNS Settings	79
Configure Global DNS Settings	79
Add a Static Entry to the Local DNS Table	81
Configure the Switch Database Management Template Preference	83
Configure Green Ethernet Settings	85
Configure Green Ethernet Interface Settings	86
Configure Green Ethernet Local and Remote Devices	87
Configure Green Ethernet Remote Device Details	89
View the Green Ethernet Statistics Summary	90
Configure the Green Ethernet EEE LPI History	92
Configure and Display Bonjour Settings	94
Enable or Disable Bonjour	94
Display Bonjour Information	95
Configure DHCP Server Settings	96
Configure DHCP Server	96
Configure the DHCP Pool	97
Configure DHCP Pool Options	100
View DHCP Server Statistics	101
View DHCP Bindings Information	103
View DHCP Conflicts	104
Configure the DHCP Relay	105
Manage a DHCP L2 Relay	106
Configure Global DHCP L2 Relay Settings	106
Configure a DHCP L2 Relay Interface	107
View DHCP L2 Relay Interface Statistics	108
Configure UDP Relay Global Settings	109
Configure UDP Relay Interface Settings	111
Manage the DHCPv6 Server	112
Enable or Disable the DHCPv6 Server	112
Configure the DHCPv6 Pool	113
Configure the DHCPv6 Prefix Delegation	114
Configure DHCPv6 Interface Settings	115
View DHCPv6 Bindings Information	116
View DHCPv6 Server Statistics	118
Configure DHCPv6 Relay for an Interface	121
Configure Power over Ethernet	122
Configure Basic PoE Settings	122
Configure PoE Ports	124
Configure PoE Power Settings	126
Configure SNMP	129
Configure the SNMP V1/V2 Community	129
Configure SNMP V1/V2 Trap Settings	130
Configure SNMP V1/V2 Trap Flags	132
View the Supported MIBs	133
Configure SNMP V3 Users	134
Configure LLDP	136
Configure LLDP Global Settings	136
Configure the LLDP Interface	137
View LLDP Statistics	138
View LLDP Local Device Information	140
View LLDP Remote Device Information	142
View LLDP Remote Device Inventory	143
Configure LLDP-MED Global Settings	144
Configure LLDP-MED Interface	145
View LLDP-MED Local Device Information	146
View LLDP-MED Remote Device Information	147
View LLDP-MED Remote Device Inventory	150
Configure Link Dependency	151
Configure Link Dependency Group	151
Configure a Link Dependency Interface	152
Configure ISDP	154
Configure ISDP Basic Global Settings	154
Configure ISDP Global Settings	155
Configure an ISDP Interface	157
View an ISDP Neighbor	157
View ISDP Statistics	159
Manage Timer Schedules	160
Configure the Global Timer Settings	160
Configure the Timer Schedule	161
3 Manage Stacking	163
M4300 Series Switch Stacking Overview	164
Firmware Synchronization and Upgrade	164
Stack Configuration Maintenance	165
Stack Master Election	165
Stack Factory Defaults Reset Behavior	166
Stack NSF	166
Configure a Stack	167
Select a New Stack Master	167
Specify the Stack Sample Mode	168
Configure a Stack Member	169
Change the Settings for an Existing Stack Member	170
Configure the Mode of the Stack Ports	172
Run Stack Port Diagnostics	174
Configure Stack Firmware Synchronization	176
View NSF Summary Data	177
View NSF Checkpoint Statistics	179
4 Configure Switching Information	180
Configure VLANs	181
Configure Basic VLAN Settings	181
Reset the VLAN Configuration to Default Setting	183
Configure an Internal VLAN	184
Configure VLAN Trunking	185
Configure VLAN Membership	187
View the VLAN Status	189
Configure Port PVID Settings	190
Configure a MAC-Based VLAN	192
Configure Protocol-Based VLAN Groups	193
Configure Protocol-Based VLAN Group Membership	194
Configure an IP Subnet-Based VLAN	196
Configure a Port DVLAN	196
Configure a Voice VLAN	198
Configure GARP Switch Settings	199
Configure a GARP Port	200
Configure Auto-VoIP	202
Configure Protocol-Based Port Settings	202
Configure Auto-VoIP OUI-Based Properties	203
OUI-Based Port Settings	203
Add a New Entry to the OUI Table	204
Delete Entries From the OUI Table	206
View the Auto-VoIP Status	206
Configure iSCSI Settings	207
Configure Global iSCSI Settings	208
View iSCSI Sessions	209
Control iSCSI Target Settings	210
View iSCSI Sessions	211
View iSCSI Session Details	212
Configure Spanning Tree Protocol	213
Configure Basic STP Settings	214
Configure Advanced STP Settings	216
Configure CST Settings	219
Configure CST Port Settings	221
View CST Port Status	223
Configure MST Settings	225
View the Spanning Tree MST Port Status	227
View STP Statistics	229
Configure PVST VLAN Settings	230
Configure the PVST Interface Settings	231
View PVST Statistics	233
Manage Multicast	234
View the MFDB Table	234
View the MFDB Statistics	235
Manage IGMP Snooping	236
Configure IGMP Snooping Automatically with IGMP Plus Mode	237
Configure IGMP Snooping Manually	238
Configure IGMP Snooping for Interfaces	240
Configure IGMP Snooping for VLANs Automatically with IGMP Plus Mode	242
Configure IGMP Snooping for VLANs Manually	243
Configure a Multicast Router	245
Configure a Multicast Router VLAN	246
IGMP Snooping Querier Overview	247
Configure IGMP Snooping Querier	247
Configure IGMP Snooping Querier for VLANs	248
Configure MLD Snooping Automatically with MLD Plus Mode	250
Configure MLD Snooping Manually	251
Configure an MLD Snooping Interface	253
Configure MLD Snooping for VLANs Automatically with MLD Plus Mode	254
Configure MLD Snooping for VLANs Manually	256
Enable or Disable a Multicast Router on an Interface	257
Configure Multicast Router VLAN Settings	258
Configure MLD Snooping Querier	259
Configure MLD Snooping Querier VLAN Settings	260
Configure MVR	262
Configure Basic MVR Settings	262
Configure Advanced MVR Settings	263
Configure an MVR Group	264
Configure an MVR Interface	265
Configure MVR Group Membership	266
View MVR Statistics	267
Search and Manage the MAC Address Table	269
Search the MAC Address Table	269
Set the Dynamic Address Aging Interval	270
Configure a Static MAC Address	271
Manage Port Settings	272
Configure Port Settings	272
Configure Expandable Port Settings	275
Configure the Port Link Flap Settings	276
Configure Port Descriptions	277
View Port Transceiver Information	278
Manage Link Aggregation Groups	279
Configure LAG Settings	279
Configure LAG Membership	282
Manage the Multiple Registration Protocol Settings	284
Configure Global MRP Settings	285
Configure MRP Port Settings	286
View MMRP and Clear Statistics	287
View and Clear MVRP Statistics	289
Manage Loop Protection	290
About Loop Protection	290
Loop Protection and PDU Packet Transmission	291
Loop Protection and Spanning Tree Protocol	291
Configure the Global Loop Protection Settings	291
Configure the Loop Protection Settings for Ports and View the Loop Protection State	293
5 Manage Routing	295
Manage Routes	296
Configure a Basic Route	296
Configure Advanced Routes	298
Specify Route Preferences	300
Configure the Routing IP Settings	302
View Statistics	303
Configure Routing Parameters for the Switch	307
View IP Statistics	308
Configure the IP Interface	312
Configure the Secondary IP Address	315
Manage IPv6	316
Configure IPv6 Global Settings	316
View the IPv6 Route Table	317
Configure IPv6 Interface Settings	318
Configure the IPv6 Prefix Settings	321
View IPv6 Statistics	322
View the IPv6 Neighbor Table and Clear IPv6 Neighbors	327
Configure an IPv6 Static Route	329
View the IPv6 Route Table	330
Configure IPv6 Route Preferences	331
Configure IPv6 Tunnels	332
Manage VLANs	333
Use the VLAN Static Routing Wizard	334
Configure VLAN Routing	335
Configure Address Resolution Protocol	336
Display the ARP Entries in the ARP Cache	337
Add an Entry to the ARP Table	338
View or Configure the ARP Table	339
Configure RIP	341
Enable RIP	341
Configure RIP Settings	342
Configure Advanced RIP Interface Settings	343
Manage Route Redistribution	345
Configure Router Discovery	348
Configure Virtual Router Redundancy Protocol	349
Configure Global VRRP Settings	349
Configure Advanced VRRP Settings	350
Configure an Advanced VRRP Secondary IP Address	353
Configure an Advanced VRRP Tracking Interface	354
View Advanced VRRP Statistics	355
6 Configure OSPF and OSPFv3	358
Configure OSPF	359
Configure Basic OSPF Settings	359
Configure the OSPF Default Route Advertise Settings	360
Configure OSPF Settings	361
Configure the OSPF Common Area ID	364
Configure the OSPF Stub Area	366
Configure the OSPF NSSA Area	367
Configure the OSPF Area Range	369
Configure the OSPF Interface	370
View and Clear OSPF Statistics for an Interface	375
View the OSPF Neighbor Table and Clear OSPF Neighbors	377
View the OSPF Link State Database	380
Configure the OSPF Virtual Link	383
Configure the OSPF Route Redistribution	386
View the NSF OSPF Summary	388
Configure OSPFv3	390
Configure Basic OSPFv3 Settings	390
Configure OSPFv3 Default Route Advertise Settings	391
Configure the Advanced OSPFv3 Settings	392
Configure the OSPFv3 Common Area	395
Configure an OSPFv3 Stub Area	396
Configure the OSPFv3 NSSA Area	397
Configure the OSPFv3 Area Range	399
Configure the OSPFv3 Interface	400
View and Clear OSPFv3 Interface Statistics	404
View the OSPFv3 Neighbor Table and Clear OSPFv3 Neighbors	407
View the OSPFv3 Link State Database	408
Configure the OSPFv3 Virtual Link	411
Configure OSPFv3 Route Redistribution	414
View the NSF OSPFv3 Summary	415
7 Configure Multicast Routing	418
Multicast Overview	419
View the Multicast Mroute Table	419
Add Mroute Static Multicast Entries	420
Configure Global Multicast Settings	421
Configure the Multicast Interface	422
Configure Global Multicast DVMRP Settings	423
Configure the DVMRP Interface	424
Search for DVMRP Neighbors	426
View the DVMRP Next Hop Settings	427
View the Multicast DVMRP Prune	428
View the DVMRP Route	429
Configure Multicast IGMP Settings	430
Configure IGMP Global Settings	430
Configure the IGMP Routing Interface	431
View IGMP Routing Interface Statistics	432
View IGMP Groups	434
View the IGMP Membership	435
Configure the IGMP Proxy Interface	436
View the IGMP Proxy Interface Statistics	438
View the IGMP Proxy Membership	439
Configure PIM Settings	440
Configure the Multicast PIM Global Settings	440
Configure PIM SSM Settings	441
Configure PIM Interface	442
View the PIM Neighbor	443
View the PIM Candidate Rendezvous Point	444
View the PIM Neighbor	445
Configure the PIM Candidate Rendezvous Point	446
Configure the PIM Bootstrap Router Candidate	447
Configure the PIM Static Rendezvous Point	448
Configure Multicast Static Routes	449
Configure the Multicast Admin Boundary	450
Configure IPv6 Multicast Settings	451
View the IPv6 Multicast Mroute Table	451
Configure the IPv6 PIM Global Settings	452
Configure IPv6 PIM SSM	453
Configure the IPv6 PIM Interface	454
View the IPv6 PIM Neighbor	455
Configure the IPv6 PIM Candidate Rendezvous Point	456
Configure the IPv6 PIM Bootstrap Router Candidate Settings	457
Configure the IPv6 PIM Static Rendezvous Point	458
Configure IPv6 MLD Global Settings	459
Configure the IPv6 MLD Routing Interface	459
View IPv6 MLD Routing Interface Statistics	461
View the IPv6 MLD Groups	462
View and Clear IPv6 MLD Traffic	464
Configure the IPv6 MLD Proxy Interface	465
View IPv6 MLD Proxy Interface Statistics	466
View the IPv6 MLD Proxy Membership	467
Configure IPv6 Multicast Static Routes	468
8 Configure Quality of Service	470
Quality of Service Overview	471
Manage Class of Service	471
Configure Global CoS Settings	472
Map 802.1p Priorities to Queues	473
Map DSCP Values to Queues	474
Configure CoS Interface Settings for an Interface	475
Configure CoS Queue Settings for an Interface	476
Configure CoS Drop Precedence Settings	478
Manage Differentiated Services	479
DiffServ Wizard Overview	480
Use the DiffServ Wizard	480
Configure Basic DiffServ Settings	482
Configure the Global DiffServ Settings	483
Configure a DiffServ Class	485
Configure DiffServ IPv6 Class Settings	490
Configure DiffServ Policy	493
Configure the DiffServ Service Interface	496
View DiffServ Service Statistics	497
9 Manage Switch Security	500
Manage User Accounts and Passwords	501
Configure User Accounts	501
Configure a User Password	502
Enable Password Configuration	503
Configure a Line Password	504
Manage the RADIUS Server Settings	505
Configure Global RADIUS Server Settings	505
Configure a RADIUS Server	508
Configure RADIUS Accounting Servers	510
Manage the TACACS Settings	511
Configure Global TACACS Settings	512
Configure TACACS Server Settings	513
Configure Authentication Lists	514
Configure a Login Authentication List	514
Configure an Enable Authentication List	515
Configure the Dot1x Authentication List	516
Configure an HTTP Authentication List	517
Configure an HTTPS Authentication List	518
View Login Sessions	520
Manage HHTP, HTTPS, and SSH Access	521
Configure HTTP Server Settings	521
Configure the HTTPS Settings	522
Manage Certificates	524
Download Certificates	525
Configure SSH Settings	526
Manage Host Keys	528
Download Host Keys	530
Configure Telnet Access	531
Configure a Telnet Authentication List	531
Configure Inbound Telnet	533
Configure Outbound Telnet	534
Configure Console Port Access	536
Configure Denial of Service Settings	537
Configure Access Control Settings	540
Configure an Access Control Profile	540
Configure Access Rule Settings for the Access Control Profile	542
Manage Port Authentication	543
Configure Global 802.1X Settings	543
Configure 802.1X Settings	545
Configure Port Authentication	546
View the Port Summary	549
View the Client Summary	551
Control Traffic With MAC Filtering	553
Configure MAC Filtering	553
MAC Filter Summary	554
Configure Port Security and Private Groups	555
Configure the Global Port Security Mode	555
Configure a Port Security Interface	556
Convert Learned MAC Addresses to Static Addresses	558
Configure Static MAC Addresses	559
Configure Private Groups	560
Configure Private Group Membership	560
Configure Protect Ports	562
Set Up Private VLANs	563
Configure a Private VLAN Type	563
Configure Private VLAN Association Settings	564
Configure the Private VLAN Port Mode	565
Configure a Private VLAN Host Interface	566
Configure a Private VLAN Promiscuous Interface	567
Manage the Storm Control Settings	568
Configure Global Storm Control Settings	568
Configure Storm Control for a Port	569
Configure DHCP Snooping	571
Configure DHCP Snooping Global Settings	571
Configure a DHCP Snooping Interface	572
Configure a Static DHCP Snooping Binding	573
View the Dynamic DHCP Snooping Bindings	574
Configure Snooping Persistent Settings	575
View and Clear the DHCP Snooping Statistics	576
Configure IP Source Guard Interfaces	577
Configure IP Source Guard Binding Settings	579
Configure IPv6 Source Guard Interface Settings	580
Configure an IPv6 Source Guard Binding	581
Configure Dynamic ARP Inspection	582
Configure the Global Dynamic ARP inspection Settings	582
Configure DAI VLANs	583
Configure DAI Interfaces	584
Configure a DAI ACL	586
Configure a DAI ACL Rule	586
View DAI Statistics	587
Set Up Captive Portals	589
Configure Captive Portal Global Settings	589
Add a Captive Portal Instance	591
Configure Captive Portals Bindings	593
View the Captive Portal Binding Table	594
Configure a Captive Portal Group	595
Configure Captive Portal User Settings	596
Configure the Captive Portal Trap Flag Settings	597
View and Clear the Captive Portal Client	598
Set Up and Manage Access Control Lists	599
Use the ACL Wizard to Create a Simple ACL	600
Configure an ACL Based on Destination MAC Address	602
Use the ACL Wizard to Complete the Destination MAC ACL	604
Configure a Basic MAC ACL	604
Configure MAC ACL Rules	606
Configure MAC Binding	608
View and Delete MAC ACL Bindings in the MAC Binding Table	610
Configure an IP ACL	611
Configure Rules for an IP ACL	613
Configure Rules for an Extended IP ACL	615
Configure an IPv6 ACL	621
Configure IPv6 Rules	622
Configure IP ACL Interface Bindings	628
View and Delete IP ACL Bindings in the IP ACL Binding Table	629
Configure VLAN ACL Bindings	630
10 Monitor the Switch and Network	632
View Port and EAP Packet Statistics	633
View and Clear Port Statistics	633
View and Clear the Detailed Port Statistics	634
View EAP Statistics	641
Perform a Cable Test	643
Manage the Buffered, Command, and Console Logs	644
View and Clear the Buffered Logs	644
Configure the Memory Log Settings	645
Message Log Format	647
Enable or Disable the Command Log	647
Enable or Disable Console Logging	648
Configure the Syslog and Syslog Host Settings	649
Configure the Syslog Settings	649
Configure the Syslog Host Settings	650
View and Clear the Trap Logs	652
View and Clear the Event Log	653

Match case Limit results 1 per page

M4300 Intelligent Edge Series Fully

Managed

Stackable Switches

Manage Switch Security

User Manual

617

•

Action

. Specify what action is taken if a packet matches the rule’s criteria. The choice

Permit

Deny

•

Logging

. When set to Enable, logging is enabled for this ACL rule (subject to

resource availability in the device). If the access list trap flag is also enabled, this

causes periodic traps to be generated indicating the number of times this rule was

hit

during the current report interval. A fixed 5-minute report interval is used for the entire

system. A trap is not issued if the ACL rule hit count is zero for the current interval.

This field is visible for a

Deny

action.

•

Egress Queue

. The hardware egress queue identifier used to handle all packets

matching this IP ACL rule. Valid range of queue IDs is 0 to 6. This field is visible when

Permit is chosen as the action.

•

Interface

. For a

Permit

action, use either a mirror interface or a redirect interface:

Select the

Mirror Interface

radio button and use the menu to specify the egress

interface to which the matching traffic stream is copied, in addition to being

forwarded normally by the device.

Select the

Redirect Interface

radio button and use the menu to specify the

egress interface to which the matching traffic stream is forced, bypassing any

forwarding decision normally performed by the device.

•

Match Every

. From the menu, select

True

False

True signifies that all packets must match the selected IP ACL and rule and are either

permitted or denied. In this case, because all packets match the rule, the option of

configuring other match criteria is not available. To configure specific match criteria

for the rule, remove the rule and recreate it, or select

False

from the

Match Every

menu.

•

Protocol Type

From the menu, select a protocol that a packet’s IP protocol must be

matched against:

ICMP

IGMP

TCP

UDP

EIGRP

GRE

IPINIP

OSPF

, or

PIM

•

TCP Flag

. For each TCP flag, specify whether or not a packet’s TCP flag must be

matched. The TCP flag values are URG, ACK, PSH, RST, SYN, and FIN. You can set

each TCP flag separately to one of the following options:

Ignore

. The packet’s TCP flag is ignored. This is the default setting.

Set (+)

. A packet matches this ACL rule if the TCP flag in this packet is set.

Clear (-)

. A packet matches this ACL rule if the TCP flag in this packet is not set.

Note:

If the RST and ACK flags are set, the option

Established

is available,

indicating that a match occurs if either the RST- or ACK-specified bits

are set in the packet’s header.

•

Src

. In the

Src

field, enter a source IP address, using dotted-decimal notation, to be

compared to a packet’s source IP address as a match criteria for the selected IP ACL

rule:

If you select the

IP Address

radio button, enter an IP address with a relevant

wildcard mask to apply this criteria. If this field is left empty, it means

any