Cpu Access Profile List - D-Link DGS-3700-12 User Manual

Ports
VLAN Name
VLAN ID
Click Apply to display the following Access Rule List window.
To view configurations for previously configured rules, click on the corresponding Show Details button, which will
display the following Access Rule Detail Information window:
Figure 7- 28 Access Rule Detail Information window (Packet Content)

CPU Access Profile List

Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This
added feature increases the running security of the Switch by enabling the user to create a list of access rules for
packets destined for the Switch's CPU interface. Employed similarly to the Access Profile feature previously
mentioned, CPU interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for the
CPU and will either forward them or filter them, based on the user's implementation. As an added feature for the CPU
Filtering, the Switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the user to
create various lists of rules without immediately enabling them.
Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a
frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is
entering the criteria the Switch will use to determine what to do with the frame. The entire process is described below.
In the following window, the user may globally enable or disable the CPU Interface Filtering State mechanism by using
the radio buttons to change the running state.
To view this window, click ACL > CPU Access Profile List, as shown below:
Choose Enabled to enable CPU packets to be scrutinized by the Switch and Disabled to disallow this scrutiny.
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual
Specifies that the access rule will take effect on one port or a range of ports.
Specifies the access rule will take effect on the VLAN Name specified.
Specifies the access rule will take effect on the VLAN ID specified.
Figure 7- 27 Access Rule List window (Packet Content)
NOTE: Address Resolution Protocol (ARP) is the standard for finding a
host's hardware address (MAC Address). However, ARP is vulnerable as
it can be easily spoofed and utilized to attack a LAN. For a more detailed
explanation on how ARP works and how to employ D-Link's advanced
unique Packet Content ACL to prevent ARP spoofing attack, please see
Appendix B, at the end of this manual.
180