Netgear S3300-28X (GS728TX) - ProSAFE S3300 Smart Switch Series Administrator's Guide
Managing Device Security
259
S3300 Smart Switch
0.0.0.255 in the Source IP Mask field. This field is required when you configure a
source IP address.
source IP address.
•
Src L4 Port. Require a packet’s TCP/UDP source port to match the port listed here.
Click Complete one of the following fields:
Click Complete one of the following fields:
-
Source L4 Keyword. Select the desired L4 keyword from a list of source ports on
which the rule can be based.
which the rule can be based.
-
Source L4 Port Number. If the source L4 keyword is Other, enter a user-defined
Port ID by which packets are matched to the rule.
Port ID by which packets are matched to the rule.
•
Dst IP Address. Require a packet’s destination port IP address to match the address
listed here. Enter an IP Address in the appropriate field using dotted-decimal notation.
The address you enter is compared to a packet’s destination IP Address.
listed here. Enter an IP Address in the appropriate field using dotted-decimal notation.
The address you enter is compared to a packet’s destination IP Address.
•
Dst IP Mask. Specify the destination IP address wildcard mask. Wild card masks
determines which bits are used and which bits are ignored. A wild card mask of
255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that
all of the bits are important. Wildcard masking for ACLs operates differently from a
subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For
example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type
0.0.0.255 in the Source IP Mask field. This field is required when you configure a
source IP address.
determines which bits are used and which bits are ignored. A wild card mask of
255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that
all of the bits are important. Wildcard masking for ACLs operates differently from a
subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For
example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, you type
0.0.0.255 in the Source IP Mask field. This field is required when you configure a
source IP address.
•
Dst L4 Port. Require a packet’s TCP/UDP destination port to match the port listed
here. Complete one of the following fields:
here. Complete one of the following fields:
-
Destination L4 Keyword. Select the desired L4 keyword from a list of destination
ports on which the rule can be based.
ports on which the rule can be based.
-
Destination L4 Port Number. If the destination L4 keyword is Other, enter a
user-defined Port ID by which packets are matched to the rule.
user-defined Port ID by which packets are matched to the rule.
•
Service Type. Select one of the Service Type match conditions for the extended IP
ACL rule. The possible values are IP DSCP, IP precedence, and IP TOS, which are
alternative ways of specifying a match criterion for the same Service Type field in the
IP header, however each uses a different user notation. After you select the service
type, specify the value associated with the type.
IP header, however each uses a different user notation. After you select the service
type, specify the value associated with the type.
-
IP DSCP. Specify the IP DiffServ Code Point (DSCP) value. The DSCP is defined
as the high-order six bits of the Service Type octet in the IP header. Select an IP
DSCP value from the menu. To specify a numeric value in the available field,
select Other from the menu and type an integer from 0 to 63 in the field.
as the high-order six bits of the Service Type octet in the IP header. Select an IP
DSCP value from the menu. To specify a numeric value in the available field,
select Other from the menu and type an integer from 0 to 63 in the field.
-
IP Precedence. The IP Precedence field in a packet is defined as the high-order
three bits of the Service Type octet in the IP header. This is an optional
configuration. Enter an integer from 0 to 7.
three bits of the Service Type octet in the IP header. This is an optional
configuration. Enter an integer from 0 to 7.
-
IP TOS Bits. Matches on the Type of Service bits in the IP header when checked.
In the first TOS field, specify the two-digit hexadecimal TOS number. The second
field is for the TOS Mask, which specifies the bit positions that are used for
comparison against the IP TOS field in a packet. The TOS Mask value is a
two-digit hexadecimal number from 00 to ff, representing an inverted (wildcard)
mask. The zero-valued bits in the TOS Mask denote the bit positions in the TOS
Bits value that are used for comparison against the IP TOS field of a packet. For
In the first TOS field, specify the two-digit hexadecimal TOS number. The second
field is for the TOS Mask, which specifies the bit positions that are used for
comparison against the IP TOS field in a packet. The TOS Mask value is a
two-digit hexadecimal number from 00 to ff, representing an inverted (wildcard)
mask. The zero-valued bits in the TOS Mask denote the bit positions in the TOS
Bits value that are used for comparison against the IP TOS field of a packet. For