NETGEAR GSM7252PS - ProSafe 52 Ports Gigabit Ethernet L2 Managed Stackable Switch User Manual page 536

ProSafe® Gigabit L3 Managed Stackable Switches Software Administration Manual
• Assign Queue - Specifies the hardware egress queue identifier used to handle all
packets matching this IP ACL rule. Valid range of Queue Ids is 0 to 6.
• Mirror Interface - Specifies the specific egress interface where the matching traffic
stream is copied in addition to being forwarded normally by the device. This field
cannot be set if a Redirect Interface is already configured for the ACL rule. This field
is visible for a 'Permit' Action.
• Match Every - Select true or false from the pull-down menu. True signifies that all
packets will match the selected IP ACL and Rule and will be either permitted or
denied. In this case, since all packets match the rule, the option of configuring other
match criteria will not be offered. To configure specific match criteria for the rule,
remove the rule and re-create it, or re-configure 'Match Every' to 'False' for the other
match criteria to be visible.
• Protocol Keyword - Specify that a packet's IP protocol is a match condition for the
selected IP ACL rule. The possible values are ICMP, IGMP, IP, TCP, and UDP.
• TCP Flag - Specify that a packet's TCP flag is a match condition for the selected IP
ACL rule. The TCP flag values are URG,ACK,PSH,RST,SYN,FIN. Each TCP flag has
these possible values below and can be set separately.
• Ignore -A packet matches this ACL rule whatever the TCP flag in this packet is set
or not.
• Set(+) - A packet matches this ACL rule if the TCP flag in this packet is set.
• Clear(-) - A packet matches this ACL rule if the TCP flag in this packet is not set.
• Src IP Address - Enter an IP address using dotted-decimal notation to be compared
to a packet's source IP Address as a match criteria for the selected IP ACL rule.
• Src IP Mask - Specify the IP Mask in dotted-decimal notation to be used with the
Source IP Address value.
• Src L4 Port - Specify a packet's source layer 4 port as a match condition for the
selected extended IP ACL rule. This is an optional configuration. The possible values
are DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and
WWW. Each of these values translates into its equivalent port number, which is used
as both the start and end of the port range.
• Dst IP Address - Enter an IP address using dotted-decimal notation to be compared
to a packet's destination IP Address as a match criteria for the selected extended IP
ACL rule.
• Dst IP Mask - Specify the IP Mask in dotted-decimal notation to be used with the
Destination IP Address value.
• Dst L4 Port - Specify the destination layer 4 port match conditions for the selected
extended IP ACL rule. The possible values are DOMAIN, ECHO, FTP, FTPDATA,
HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into
its equivalent port number, which is used as both the start and end of the port range.
This is an optional configuration.
• Service Type - Select a Service Type match condition for the extended IP ACL rule
from the pull-down menu. The possible values are IP DSCP, IP precedence, and IP
TOS, which are alternative ways of specifying a match criterion for the same Service
536 | Chapter 6. Managing Device Security