D-Link xStack Reference Manual page 221
Web ui reference guide layer 2 managed gigabit ethernet switch
Hide thumbs
Also See for xStack:
- Reference manual (1284 pages) ,
- User manual (357 pages) ,
- Hardware installation manual (71 pages)
Table of Contents
Advertisement
®
xStack
DGS-3200 Series Layer 2 Managed Gigabit Ethernet Switch Web UI Reference Guide
Parameter
Select Profile ID
Select ACL Type
Packet Content
Click Create to implement changes made.
To view the setting details for a created profile, click the Show Details button for the corresponding entry on the Access Profile
List window, revealing the following window:
Figure 7 - 10. Access Profile Detail Information window for Packet Content
NOTE: Address Resolution Protocol (ARP) is the standard for finding a host's hardware
address (MAC address). However, ARP is vulnerable as it can be easily spoofed and utilized
to attack a LAN (i.e. an ARP spoofing attack). For a more detailed explanation on how ARP
protocol works and how to employ D-Link's unique Packet Content ACL to prevent ARP
spoofing attack, please see Appendix E at the end of this manual.
Description
Use the drop-down menu to select a unique identifier number for this profile set. This value
can be set from 1 to 200.
Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet
content. This will change the window according to the requirements for the type of profile.
Select Ethernet ACL to instruct the Switch to examine the layer 2 part of each packet header.
Select IPv4 ACL to instruct the Switch to examine the IPv4 address in each frame's header.
Select IPv6 ACL to instruct the Switch to examine the IPv6 address in each frame's header.
Select Packet Content to instruct the Switch to examine the packet content in each frame's
header.
Allows users to examine up to four specified offset chunks within a packet, one at a time. A
chunk mask presents four bytes. Four offset chunks can be selected from a possible 32
predefined offset chunks as described below:
offset_chunk_1,
offset_chunk_2,
offset_chunk_3,
offset_chunk_4.
chunk0
chunk1
chunk2
B126,
B2,
B6,
B127,
B3,
B7,
B0,
B4,
B8,
B1
B5
B9
Example:
offset_chunk_1 0 0xffffffff will match packet byte offset 126, 127, 0, 1
offset_chunk_1 0 0x0000ffff will match packet byte offset, 0,1
NOTE: Only one packet content mask profile can be created at a time. Use of the D-Link
xStack switch family's advanced Packet Content Mask (also known as Packet Content
Access Control List – ACL) feature can effectively mitigate common network attacks such as
ARP Spoofing. The Switch's implementation of Packet Content ACL enables inspection of
any packet's specified content regardless of the protocol layer.
......
chunk29
chunk30
......
B114,
B118,
B115,
B119,
B116,
B120,
B117
B121
207
chunk31
B122,
B123,
B124,
B125
Advertisement
Table of Contents
