Netgear GS752TP - 52PT GE POE SMART SWITCH Guia Do Administrador
Managing Device Security
199
GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches
•
Logging. When set to Enable, logging is enabled for this ACL rule (subject to
resource availability in the device). If the access list trap flag is also enabled, this
causes periodic traps to be generated indicating the number of times this rule was hit
during the current report interval. A fixed 5-minute report interval is used for the entire
system. A trap is not issued if the ACL rule hit count is 0 for the current interval. This
field is available for a deny action.
resource availability in the device). If the access list trap flag is also enabled, this
causes periodic traps to be generated indicating the number of times this rule was hit
during the current report interval. A fixed 5-minute report interval is used for the entire
system. A trap is not issued if the ACL rule hit count is 0 for the current interval. This
field is available for a deny action.
•
Match Every. Requires a packet to match the criteria of this ACL. Select Enable or
Disable. Match Every is exclusive to the other filtering rules, so if Match Every is
enabled, the other rules on the screen are not available.
Disable. Match Every is exclusive to the other filtering rules, so if Match Every is
enabled, the other rules on the screen are not available.
•
Src IP Address. Requires a packet’s source IP address to match the address listed
here. Enter an IP address using dotted-decimal notation. The address you enter is
compared to a packet's source IP address.
here. Enter an IP address using dotted-decimal notation. The address you enter is
compared to a packet's source IP address.
•
Src IP Mask. Specifies the source IP address wildcard mask. Wildcard masks
determine which bits are used and which bits are ignored. A wildcard mask of
255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0
indicates that all of the bits are important. Wildcard masking for ACLs operates
differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet
mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter
0.0.0.255 in the Source IP Mask field. This field is required when you configure a
source IP address.
determine which bits are used and which bits are ignored. A wildcard mask of
255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0
indicates that all of the bits are important. Wildcard masking for ACLs operates
differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet
mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter
0.0.0.255 in the Source IP Mask field. This field is required when you configure a
source IP address.
4.
Click ADD.
Configuration changes take effect immediately.
To update an IP ACL rule, select the check box associated with the rule, update the desired
fields, and click APPLY. You cannot modify the Rule ID of an existing IP rule.
fields, and click APPLY. You cannot modify the Rule ID of an existing IP rule.
IP Extended Rules
Use the IP Extended Rules screen to define rules for IP-based extended ACLs. The access
list definition includes rules that specify whether traffic matching the criteria is forwarded
normally or discarded.
list definition includes rules that specify whether traffic matching the criteria is forwarded
normally or discarded.
Note:
There is an implicit “deny all” rule at the end of an ACL list. This rule
means that if an ACL is applied to a packet and if none of the explicit
rules match, the final implicit “deny all” rule applies and the packet is
dropped.
means that if an ACL is applied to a packet and if none of the explicit
rules match, the final implicit “deny all” rule applies and the packet is
dropped.
To configure rules for an IP ACL:
1.
Click Security
ACL > Advanced
IP Extended Rules.