NETGEAR GSM7252PS - ProSafe 52 Ports Gigabit Ethernet L2 Managed Stackable Switch User Manual page 540

ProSafe® Gigabit L3 Managed Stackable Switches Software Administration Manual
1. Use the ACL Name pull down menu to select the IPv6 ACL for which to create or update
a rule.
2. Use Rule ID to enter a whole number in the range of 1 to 12 that will be used to identify the
rule. An IP ACL may have up to 12 rules.
3. Use Action to specify what action should be taken if a packet matches the rule's criteria.
The choices are permit or deny.
4. Use Logging to enable logging for this ACL rule (subject to resource availability in the
device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be
generated indicating the number of times this rule was 'hit' during the current report interval.
A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL
rule hit count is zero for the current interval. This field is visible for a 'Deny' Action.
5. Use Assign Queue ID to specify the hardware egress queue identifier used to handle all
packets matching this IPv6 ACL rule. Valid range of Queue IDs is 0 to 6. This field is visible
for a 'Permit' Action.
6. Use Mirror Interface to specify the specific egress interface where the matching traffic
stream is copied in addition to being forwarded normally by the device. This field cannot be
set if a Redirect Interface is already configured for the ACL rule. This field is visible for a
'Permit' Action.
7. Use Redirect Interface to specify the specific egress interface where the matching traffic
stream is forced, bypassing any forwarding decision normally performed by the device. This
field cannot be set if a Mirror Interface is already configured for the ACL rule. This field is
visible for a 'Permit' Action.
8. Use Match Every to select true or false from the pull down menu. True signifies that all
packets will match the selected IPv6 ACL and Rule and will be either permitted or denied. In
this case, since all packets match the rule, the option of configuring other match criteria will
not be offered. To configure specific match criteria for the rule, remove the rule and recreate
it, or reconfigure 'Match Every' to 'False' for the other match criteria to be visible.
9. Use Protocol to configure IPv6 protocol:
a. Specify an integer ranging from 0 to 255 after selecting protocol keyword "other".
This number represents the IP protocol.
b. Select name of a protocol from the existing list of Internet Protocol (IP),
Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet
Control Message Protocol (ICMP) and Internet Group Management Protocol
(IGMP).
10. Use Source Prefix / PrefixLength to specify IPv6 Prefix combined with IPv6 Prefix length
of the network or host from which the packet is being sent. Prefix length can be in the range
0 to 128.
11. Use Source L4 Port to specify a packet's source layer 4 port as a match condition for the
selected IPv6 ACL rule. Source port information is optional. Source port information can be
specified in two ways:
a. Select keyword "other" from the drop down menu and specify the number of the
port in the range from 0 to 65535.
b. Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP,
SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into
its equivalent port number, which is used as both the start and end of the port
range.
540 | Chapter 6. Managing Device Security