Netgear GS724TS-100NAS Manuale Utente
196
|
Chapter 5: Managing Device Security
GS716Tv2 and GS724Tv3 Software Administration Manual
DSCP value from the menu. To specify a numeric value in the available field,
select Other from the menu and type an integer from 0 to 63 in the field.
select Other from the menu and type an integer from 0 to 63 in the field.
•
IP Precedence: The IP Precedence field in a packet is defined as the high-order
three bits of the Service Type octet in the IP header. This is an optional
configuration. Enter an integer from 0 to 7.
configuration. Enter an integer from 0 to 7.
•
IP TOS Bits: Matches on the Type of Service bits in the IP header when checked.
In the first TOS field, specify the two-digit hexadecimal TOS number. The second
field is for the TOS Mask, which specifies the bit positions that are used for
comparison against the IP TOS field in a packet. The TOS Mask value is a
two-digit hexadecimal number from 00 to ff, representing an inverted (i.e.
wildcard) mask. The zero-valued bits in the TOS Mask denote the bit positions in
the TOS Bits value that are used for comparison against the IP TOS field of a
packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit
1 clear, where bit 7 is most significant, use a TOS Bits value of a0 and a TOS
Mask of 00.
In the first TOS field, specify the two-digit hexadecimal TOS number. The second
field is for the TOS Mask, which specifies the bit positions that are used for
comparison against the IP TOS field in a packet. The TOS Mask value is a
two-digit hexadecimal number from 00 to ff, representing an inverted (i.e.
wildcard) mask. The zero-valued bits in the TOS Mask denote the bit positions in
the TOS Bits value that are used for comparison against the IP TOS field of a
packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit
1 clear, where bit 7 is most significant, use a TOS Bits value of a0 and a TOS
Mask of 00.
3.
To delete an IP ACL rule, select the check box associated with the rule, and then click
Delete.
4.
Click Cancel to cancel the configuration on the screen and reset the data on the screen to
the latest value of the switch.
5.
To modify an existing IP Extended ACL rule, click the Rule ID. The number is a hyperlink to
the Extended ACL Rule Configuration page. If the rule is Deny, you can specify the CPU
Notification Mode.
•
Enable. The switch to turn off PoE power to the port if the user is rejected by ACL.
When the rule is hit and the PoE component receives this notification, the PoE
component turns off PoE power for the port. To turn on the port power, you must
manually enable the PoE port Admin Mode.
component turns off PoE power for the port. To turn on the port power, you must
manually enable the PoE port Admin Mode.
•
Disable: When a packet matches the ACL rule, the CPU is not notified, and the port
continues to provide power.
6.
If you modify the rule, click Apply to submit the changes to the switch.
IP Binding Configuration
When an ACL is bound to an interface, all the rules that have been defined are applied to the
selected interface. Use the IP Binding Configuration page to assign ACL lists to ACL
Priorities and Interfaces.
selected interface. Use the IP Binding Configuration page to assign ACL lists to ACL
Priorities and Interfaces.
To display the IP Binding Configuration page, click Security
ACL, then click the Advanced
IP Binding Configuration link.