Netgear M4100-D12G (GSM5212v1h1) - 10‐port GE + 2 GE Combo L2 Managed PD Switch Manual De Usuario
Manage Device Security
345
M4100 Series Managed Switch
Access Control List Overview
Access control lists (ACLs) ensure that only authorized users can access specific resources
while blocking off any unwarranted attempts to reach network resources. ACLs are used to
provide traffic flow control, restrict contents of routing updates, decide which types of traffic
are forwarded or blocked, and above all provide security for the network.The managed switch
software supports IPv4, IPv6, and MAC ACLs.
while blocking off any unwarranted attempts to reach network resources. ACLs are used to
provide traffic flow control, restrict contents of routing updates, decide which types of traffic
are forwarded or blocked, and above all provide security for the network.The managed switch
software supports IPv4, IPv6, and MAC ACLs.
You first create an IPv4-based or IPv6-based or MAC based ACL ID. Then, you create a rule
and assign it to a unique ACL ID. Next, you define the rules, which can identify protocols,
source, and destination IP and MAC addresses, and other packet-matching criteria. Finally,
use the ID number to assign the ACL to a port or to a LAG.
and assign it to a unique ACL ID. Next, you define the rules, which can identify protocols,
source, and destination IP and MAC addresses, and other packet-matching criteria. Finally,
use the ID number to assign the ACL to a port or to a LAG.
Use the ACL Wizard
The ACL Wizard helps you to create a simple ACL and apply it to the selected ports easily
and quickly. First you must select an ACL type to create an ACL. Then add ACL rule to this
and quickly. First you must select an ACL type to create an ACL. Then add ACL rule to this
ACL, and apply this ACL on the selected ports. The ACL Wizard allows you to create the ACL
but doesn't allow you to modify it. If you want to modify it, go to the ACL configuration screen.
To use the ACL Wizard:
1.
Prepare your computer with a static IP address in the 169.254.100.0 subnet, for
example, 169.254.100.201.
example, 169.254.100.201.
2.
Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on
the switch.
the switch.
3.
Launch a web browser.
4.
Enter the IP address of the switch in the web browser address field.
Bad Source MAC
Number of ARP packets that were dropped by DAI because the sender
MAC address in ARP packet didn't match the source MAC in Ethernet
header.
MAC address in ARP packet didn't match the source MAC in Ethernet
header.
Bad Dest MAC
Number of ARP packets that were dropped by DAI because the target
MAC address in ARP reply packet didn't match the destination MAC in
Ethernet header.
MAC address in ARP reply packet didn't match the destination MAC in
Ethernet header.
Invalid IP
Number of ARP packets that were dropped by DAI because the sender
IP address in the ARP packet or target IP address in ARP reply packet
is invalid. Invalid addresses include 0.0.0.0, 255.255.255.255, IP
multicast addresses, class E addresses (240.0.0.0/4), loopback
addresses (127.0.0.0/8).
IP address in the ARP packet or target IP address in ARP reply packet
is invalid. Invalid addresses include 0.0.0.0, 255.255.255.255, IP
multicast addresses, class E addresses (240.0.0.0/4), loopback
addresses (127.0.0.0/8).
Forwarded
Number of valid ARP packets forwarded by DAI.
Dropped
Number of invalid ARP packets dropped by DAI.
Table 92. Dynamic ARP inspection statistics
Field
Description