D-Link xStack DES-3800 Series User Manual page 222
Layer 3 stackable fast ethernet managed switch
Hide thumbs
Also See for xStack DES-3800 Series:
- User manual (334 pages) ,
- Cli manual (326 pages) ,
- User manual (360 pages)
Table of Contents
Advertisement
With this advanced unique Packet Content Mask (also known as Packet Content Access Control
List - ACL), D-Link xStack switch family can effectively mitigate some network attacks like the
common ARP Spoofing attack that is wide spread today. This is the reason why Packet Content
ACL is able to inspect any specified content of a packet in different protocol layers.
Click Apply to implement changes made.
The page shown below is the IPv6 Access Profile configuration window.
This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The
following fields are used to configure the IPv6:
Parameter
Description
Profile ID (1-255)
Type in a unique identifier number for this profile set. This value can be set from 1 to 255. Yet
only 9 access profiles can be created on the Switch.
Type
Select profile based on Ethernet (MAC Address), IP Address, Packet Content or IPv6 address.
This will change the menu according to the requirements for the type of profile.
Class
Checking this field will instruct the Switch to examine the class field of the IPv6 header. This
class field is a part of the packet header that is similar to the Type of Service (ToS) or
Precedence bits field in IPv4.
Checking this field will instruct the Switch to examine the flow label field of the IPv6 header.
Flowlabel
This flow label field is used by a source to label sequences of packets such as non-default
xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch
value (48-63) – Enter a value in hex form to mask the packet from byte 48 to byte 63.
•
value (64-79) – Enter a value in hex form to mask the packet from byte 64 to byte 79.
•
NOTE: Address Resolution Protocol (ARP) is the standard for finding a
host's hardware address (MAC Address). However, ARP is vulnerable as
it can be easily spoofed and utilized to attack a LAN. For a more detailed
explanation on how ARP works and how to employ D-Link's advanced
unique Packet Content ACL to prevent ARP spoofing attack, please see
Appendix F, at the end of this manual.
Figure 10- 5. Access Profile Configuration (IPv6)
Select Ethernet to instruct the Switch to examine the layer 2 part of each packet
•
header.
Select IP to instruct the Switch to examine the IP address in each frame's header.
•
Select Packet Content Mask to specify a mask to hide the content of the packet
•
header.
Select IPv6 to instruct the Switch to examine the IPv6 address in each frame's
•
header.
206
- Quick Links:
- User Manual
- Reset
Hide quick links:
Advertisement
Table of Contents
