Netgear GS716Tv3 – ProSAFE 16-Port Gigabit Managed Switch Administrator's Guide
Managing Device Security
223
GS716Tv3, GS724Tv4, and GS748Tv5 Smart Switches
•
Mirror Interface. Specifies the specific egress interface where the matching traffic
stream is copied in addition to being forwarded normally by the device. This field
cannot be set if a Redirect Interface is already configured for the ACL rule. This field
is visible for a Permit action.
stream is copied in addition to being forwarded normally by the device. This field
cannot be set if a Redirect Interface is already configured for the ACL rule. This field
is visible for a Permit action.
•
Redirect Interface. Specifies the specific egress interface where the matching traffic
stream is forced, bypassing any forwarding decision normally performed by the
device. This field cannot be set if a Mirror Interface is already configured for the ACL
rule. This field is visible for a Permit Action.
stream is forced, bypassing any forwarding decision normally performed by the
device. This field cannot be set if a Mirror Interface is already configured for the ACL
rule. This field is visible for a Permit Action.
•
Match Every. Select true or false from the pull down menu. True signifies that all
packets will match the selected IPv6 ACL and Rule and will be either permitted or
denied. In this case, since all packets match the rule, the option of configuring other
match criteria will not be offered. To configure specific match criteria for the rule,
remove the rule and recreate it, or reconfigure Match Every to False for the other
match criteria to be visible.
packets will match the selected IPv6 ACL and Rule and will be either permitted or
denied. In this case, since all packets match the rule, the option of configuring other
match criteria will not be offered. To configure specific match criteria for the rule,
remove the rule and recreate it, or reconfigure Match Every to False for the other
match criteria to be visible.
•
Protocol. There are two ways to configure IPv6 protocol:
-
Specify an integer ranging from 0 to 255 after selecting protocol keyword “other”.
This number represents the IPv6 protocol.
-
Select name of a protocol from the existing list of IPv6, ICMPv6, TCP, and UDP.
•
Source Prefix/Prefix Length. Specify IPv6 Prefix combined with IPv6 Prefix length of
the network or host from which the packet is being sent. Prefix length can be in the
range (0 to 128).
the network or host from which the packet is being sent. Prefix length can be in the
range (0 to 128).
•
Source L4 Port. Specify a packet’s source layer 4 port as a match condition for the
selected IPv6 ACL rule. Source port information is optional. Source port information
can be specified in two ways:
selected IPv6 ACL rule. Source port information is optional. Source port information
can be specified in two ways:
-
Select keyword “other” from the drop-down menu and specify the number of the
port in the range from 0 to 65535.
-
Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP,
SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its
equivalent port number, which is used as both the start and end of the port range.
equivalent port number, which is used as both the start and end of the port range.
•
Destination Prefix/Prefix Length. Enter up to 128-bit prefix combined with prefix
length to be compared to a packet’s destination IP Address as a match criteria for the
selected IPv6 ACL rule. Prefix length can be in the range (0 to 128).
length to be compared to a packet’s destination IP Address as a match criteria for the
selected IPv6 ACL rule. Prefix length can be in the range (0 to 128).
•
Destination L4 Port. Specify a packet’s destination layer 4 port as a match condition
for the selected IPv6 ACL rule. Destination port information is optional. Destination
port information can be specified in two ways:
for the selected IPv6 ACL rule. Destination port information is optional. Destination
port information can be specified in two ways:
-
Select keyword “other” from the drop-down menu and specify the number of the
port in the range from 0 to 65535.
-
Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP,
SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its
equivalent port number, which is used as both the start and end of the port range.
equivalent port number, which is used as both the start and end of the port range.
•
Flow Label. Flow label is 20-bit number that is unique to an IPv6 packet, used by end
stations to signify quality-of-service handling in routers. Flow label can be specified
within the range (0 to 1048575).
stations to signify quality-of-service handling in routers. Flow label can be specified
within the range (0 to 1048575).