Netgear M7300-24XF (XSM7224S) - ProSAFE 24-port, 10 Gigabit Stackable L2+ Managed Switch ユーザーズマニュアル
Appendix : Configuration Examples
|
511
ProSafe® XSM7224S 10G Managed Stackable Switch Software Administration Manual
•
For the VLAN with VLAN ID 10, specify the following members: port 1 (U), port 2 (U),
and port 3 (T).
•
For the VLAN with VLAN ID 20, specify the following members: port 4 (U), port 5 (T),
and port 6 (U).
3.
In the Port PVID Configuration screen (see “Port PVID Configuration” on page
3-144),
specify the PVID for ports g1 and g4 so that packets entering these ports are tagged with the
port VLAN ID:
•
Port g1: PVID 10
•
Port g4: PVID 20
4.
With the VLAN configuration that you set up, the following situations produce results as
described:
•
If an untagged packet enters port 1, the switch tags it with VLAN ID 10. The packet
has access to port 2 and port 3. The outgoing packet is stripped of its tag to leave port
2 as an untagged packet. For port 3, the outgoing packet leaves as a tagged packet
with VLAN ID 10.
2 as an untagged packet. For port 3, the outgoing packet leaves as a tagged packet
with VLAN ID 10.
•
If a tagged packet with VLAN ID 10 enters port 3, the packet has access to port 1 and
port 2. If the packet leaves port 1 or port 2, it is stripped of its tag to leave the switch
as an untagged packet.
port 2. If the packet leaves port 1 or port 2, it is stripped of its tag to leave the switch
as an untagged packet.
•
If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet
has access to port 5 and port 6. The outgoing packet is stripped of its tag to become
an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a
tagged packet with VLAN ID 20.
an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a
tagged packet with VLAN ID 20.
Access Control Lists (ACLs)
ACLs ensure that only authorized users have access to specific resources while blocking off
any unwarranted attempts to reach network resources.
any unwarranted attempts to reach network resources.
ACLs are used to provide traffic flow control, restrict contents of routing updates, decide
which types of traffic are forwarded or blocked, and provide security for the network. ACLs
are normally used in firewall routers that are positioned between the internal network and an
external network, such as the Internet. They can also be used on a router positioned between
two parts of the network to control the traffic entering or exiting a specific part of the internal
network. The added packet processing required by the ACL feature does not affect switch
performance. That is, ACL processing occurs at wire speed.
which types of traffic are forwarded or blocked, and provide security for the network. ACLs
are normally used in firewall routers that are positioned between the internal network and an
external network, such as the Internet. They can also be used on a router positioned between
two parts of the network to control the traffic entering or exiting a specific part of the internal
network. The added packet processing required by the ACL feature does not affect switch
performance. That is, ACL processing occurs at wire speed.
Access lists are a sequential collection of permit and deny conditions. This collection of
conditions, known as the filtering criteria, is applied to each packet that is processed by the
switch or the router. The forwarding or dropping of a packet is based on whether or not the
packet matches the specified criteria.
conditions, known as the filtering criteria, is applied to each packet that is processed by the
switch or the router. The forwarding or dropping of a packet is based on whether or not the
packet matches the specified criteria.
Traffic filtering requires the following two basic steps:
1.
Create an access list definition.
The access list definition includes rules that specify whether traffic matching the criteria is
forwarded normally or discarded. Additionally, you can assign traffic that matches the
forwarded normally or discarded. Additionally, you can assign traffic that matches the