NETGEAR M4300 User Manual page 603

Fully managed stackable switches

M4300 Series and M4300-96X Fully Managed Switches User Manual
True signifies that all packets must match the selected IP ACL and rule and are either
permitted or denied. In this case, because all packets match the rule, the option of
configuring other match criteria is not available. To configure specific match criteria
for the rule, remove the rule and recreate it, or select False from the Match Every
menu.
Protocol Type. From the menu, select a protocol that a packet's IP protocol must be
matched against: ICMP, IGMP, IP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF, or PIM.
TCP Flag. For each TCP flag, specify whether or not a packet's TCP flag must be
matched. The TCP flag values are URG, ACK, PSH, RST, SYN, and FIN. You can set
each TCP flag separately to one of the following options:
- Ignore. The packet's TCP flag is ignored. This is the default setting.
- Set (+). A packet matches this ACL rule if the TCP flag in this packet is set.
- Clear (-). A packet matches this ACL rule if the TCP flag in this packet is not set.
Note: If the RST and ACK flags are set, the option Established is available,
indicating that a match occurs if either the RST- or ACK-specified bits
are set in the packet's header.
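The Ignore, Set (+), and Clear (-) options above can be modeled as a per-flag check against the flags byte of the TCP header. The following is an added example, not NETGEAR code or part of the manual; the function names, rule format, and sample packets are constructed for illustration, and combining Established with the per-flag settings by AND is an assumption.

```python
# TCP header flag bits (RFC 9293).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
IGNORE, SET, CLEAR = "ignore", "+", "-"   # the three per-flag options

# Constructed sample packets: name -> TCP flags byte.
SAMPLES = {"SYN": 0x02, "SYN-ACK": 0x12, "ACK": 0x10,
           "PSH-ACK": 0x18, "FIN-ACK": 0x11, "RST": 0x04}


def flags_match(rule, tcp_flags, established=False):
    """Return True if the flags byte satisfies every per-flag setting.

    rule maps a flag name to IGNORE, SET or CLEAR; unlisted flags are
    IGNORE (the default). established models the Established option as
    the note describes it: RST or ACK set. Combining it with per-flag
    settings by AND is an assumption of this example.
    """
    for name, want in rule.items():
        if name not in FLAG_BITS or want not in (IGNORE, SET, CLEAR):
            raise ValueError(f"bad rule entry: {name}={want!r}")
        is_set = bool(tcp_flags & FLAG_BITS[name])
        if (want == SET and not is_set) or (want == CLEAR and is_set):
            return False
    if established:
        return bool(tcp_flags & (FLAG_BITS["RST"] | FLAG_BITS["ACK"]))
    return True


def matching_samples(rule, established=False):
    """Names of the constructed sample packets that the rule matches."""
    return [n for n, f in SAMPLES.items() if flags_match(rule, f, established)]


# SYN set and ACK clear: only the first packet of a handshake matches.
NEW_CONNECTION = {"SYN": SET, "ACK": CLEAR}

if __name__ == "__main__":
    print("new connection:", matching_samples(NEW_CONNECTION))
    print("established:   ", matching_samples({}, established=True))
    print("all ignored:   ", matching_samples({}))
```

A rule with SYN set and ACK clear matches only connection initiations, while Established matches every packet of an existing session but not the initial SYN.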
Src. In the Src field, enter a source IP address, using dotted-decimal notation, to be
compared to a packet's source IP address as a match criterion for the selected IP ACL
rule:
- If you select the IP Address radio button, enter an IP address with a relevant
  wildcard mask to apply this criterion. If this field is left empty, it means any.
- If you select the Host radio button, the wildcard mask is configured as 0.0.0.0. If
  this field is left empty, it means any.
The wildcard mask determines which bits are used and which bits are ignored. A
wildcard mask of 0.0.0.0 indicates that none of the bits are important. A wildcard
of 255.255.255.255 indicates that all of the bits are important.
Src L4. The options are available only when the protocol is set to TCP or UDP. Use the
source L4 port option to specify relevant matching conditions for L4 port numbers in
the extended ACL rule.
You can select either the Port radio button or the Range radio button:
- If you select the Port radio button, you can either select a port key from the menu
  or enter the port number yourself.
The source IP TCP port names are bgp, domain, echo, ftp, ftpdata, http, smtp,
snmp, Telnet, www, pop2, pop3.
The source IP UDP port names are domain, echo, ntp, rip, snmp, tftp, time,
who.
Each of these values translates into its equivalent port number, which is used as
both the start and end of the port range.
Select Other from the menu to enter a port number. If you select Other from the
menu but leave the field blank, it means any.
Manage Device Security