D-Link DWS-4026 User Manual page 348

D-Link Unified Access System
Field
Rule
Rule ID
Action
Logging
Assign Queue ID
Mirror Interface
Match Every
Protocol Keyword
Protocol Number
Source IP Address
Page 348 Configuring Access Control Lists
Table 219: IP ACL Rule Configuration Fields (Cont.)
Description
Select an existing Rule ID to modify or select Create Rule to configure a new ACL
Rule. New rules cannot be created if the maximum number of rules has been reached.
For each rule, a packet must match all the specified criteria in order to be true against
that rule and for the specified rule action (Permit/Deny) to take place.
This field is only available if you select Create Rule from the Rule field. Enter a new
Rule ID which is a whole number in the range of 1 to 12 that will be used to identify the
rule. After you click Submit, the new ID is created and you can configure the rule
settings. The number of rules you can create in an ACL is platform dependent.
Selects the ACL forwarding action. Click Configure to change the action. Select the
desired action from the dropdown menu, and then click Submit or Cancel to return to
the Rule Configuration page. Possible values are;
• Permit. Forwards packets which meet the ACL criteria.
• Deny. Drops packets which meet the ACL criteria.
This field is only visible for a Deny Action. When set to True, logging is enabled for this
ACL rule (subject to resource availability in the device). If the Access List Trap Flag is
also enabled, this will cause periodic traps to be generated indicating the number of
times this rule went into effect during the current report interval. A fixed 5 minute report
interval is used for the entire system. A trap is not issued if the ACL rule hit count is
zero for the current interval.
This field is only visible when the Action is Permit. Use this field to specify the hardware
egress queue identifier used to handle all packets matching this AP ACL Rule. Click
Configure, and then enter an identifying queue number (0 to 7) in the appropriate field.
Click Submit or Cancel to return to the Rule Configuration page.
This field is only visible when the Action is Permit. Use this field to specify the specific
egress interface where the matching traffic stream is copied in addition to being
forwarded normally by the device. Click Configure, and then select an interface from
the dropdown list. Packets that meet the rule are mirrored on the interface you select.
Click Submit or Cancel to return to the Rule Configuration page.
Requires a packet to match the criteria of this ACL. Click Configure, and then select
True or False from the dropdown list. Then click Submit or Cancel to return to the Rule
Configuration page. True signifies that all packets will match the selected IP ACL and
Rule and will be either permitted or denied. Match Every is exclusive to the other
filtering rules, so if Match Every is True, the other rules on the screen do not appear.
To configure specific match criteria for the rule, remove the rule and re-create it, or
reconfigure 'Match Every' to 'False' for the other match criteria to be visible.
Specify that a packet's IP protocol is a match condition for the selected IP ACL rule.
The possible values are ICMP, IGMP, IP, TCP, and UDP. Either the 'Protocol
Keyword' field or the 'Protocol Number' field can be used to specify an IP protocol
value as a match criteria. Click Configure, and then select the protocol keyword from
the dropdown list. Click Submit or Cancel to return to the Rule Configuration page.
Specify that a packet's IP protocol is a match condition for the selected IP ACL rule
and identify the protocol by number. The protocol number is a standard value assigned
by IANA and is interpreted as a integer from 0 to 255. Either the 'Protocol Number' field
or the 'Protocol Keyword' field can be used to specify an IP protocol value as a match
criteria.
Requires a packet's source port IP address to match the address listed here. Click
Configure, and then enter an IP Address in the appropriate field using dotted-decimal
notation. The address you enter is compared to a packet's source IP Address. You
also configure the Source IP Mask on the page.
Software User Manual
Document 34CSFP6XXUWS-SWUM100-D7
12/10/09