Netgear XCM89UP Web Management User Guide - Page 484
M6100 Web Management User Guide

3. Specify the Action to take if a packet matches the rule's criteria. The choices are Permit or Deny.

4. Set Logging to Enable to enable logging for this ACL rule (subject to resource availability in the device). If the Access List Trap Flag is also enabled, periodic traps are generated indicating the number of times this rule was hit during the current report interval. A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a Deny Action.

5. In the Assign Queue ID field, specify the hardware egress queue identifier used to handle all packets matching this IP ACL rule. The valid range of Queue IDs is 0 to 6.

6. Use the Mirror Interface field to specify the egress interface to which the matching traffic stream is copied, in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a Permit Action.

7. Use the Redirect Interface field to specify the egress interface to which the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. This field cannot be set if a Mirror Interface is already configured for the ACL rule. This field is enabled for a Permit Action.

8. Select True or False from the Match Every menu. True signifies that all packets match the selected IP ACL and Rule and are either permitted or denied. In this case, since all packets match the rule, the option of configuring other match criteria is not offered. To configure specific match criteria for the rule, remove the rule and re-create it, or re-configure Match Every to False so that the other match criteria become visible.

9. Use the Protocol Type field to specify that a packet's IP protocol is a match condition for the selected IP ACL rule. The possible values are ICMP, IGMP, IP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF, and PIM.

10. In the TCP Flag field, specify that a packet's TCP flag is a match condition for the selected IP ACL rule. The TCP flag values are URG, ACK, PSH, RST, SYN, and FIN. Each TCP flag has the possible values below and can be set separately:
   • Ignore: A packet matches this ACL rule whether the TCP flag in this packet is set or not.
   • Set (+): A packet matches this ACL rule if the TCP flag in this packet is set.
   • Clear (-): A packet matches this ACL rule if the TCP flag in this packet is not set.

11. When Established is specified, a match occurs if either the RST or the ACK bit is set in the TCP header. These fields are enabled only when the TCP protocol is selected.

12. In the Src field, enter a source IP Address, using dotted-decimal notation, to be compared to a packet's source IP Address as a match criterion for the selected IP ACL rule.
   a. Select the IP Address option and enter an IP address with a relevant wild card mask to apply this criterion. If this field is left empty, it means any.
   b. When you select the Host option, the wild card mask is configured as 0.0.0.0. If this field is left empty, it means any.
   The wild card mask determines which bits are used and which bits are ignored. A wild card mask of 0.0.0.0 indicates that none of the bits are important. A wild card of 255.255.255.255 indicates that all of the bits are important.

Managing Device Security 484
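The TCP Flag and Established matching from steps 10 and 11 can be modelled offline to check which packets a planned rule would hit. This is an added example, not Netgear code: the names compile_rule, tcp_flags_match, SAMPLES and evaluate are hypothetical, the sample packets are constructed, and it assumes the per-flag settings and Established are combined with AND, which the guide does not state.

```python
from enum import Enum

# TCP header flag bits as they appear in the flags byte of the TCP header.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

class Match(Enum):
    IGNORE = "ignore"  # flag may be set or not
    SET = "+"          # flag must be set
    CLEAR = "-"        # flag must not be set

def compile_rule(flags=None, established=False):
    """Turn per-flag settings into (must_set, must_clear, established).
    `flags` maps a flag name to a Match; unlisted flags default to IGNORE."""
    must_set = must_clear = 0
    for name, mode in (flags or {}).items():
        bit = FLAG_BITS[name.upper()]
        if mode is Match.SET:
            must_set |= bit
        elif mode is Match.CLEAR:
            must_clear |= bit
    return must_set, must_clear, established

def tcp_flags_match(rule, packet_flags):
    """Return True if a packet's TCP flags byte satisfies the rule."""
    must_set, must_clear, established = rule
    if (packet_flags & must_set) != must_set:
        return False  # a flag marked Set (+) is missing
    if (packet_flags & must_clear) != 0:
        return False  # a flag marked Clear (-) is present
    # Established: RST or ACK set, judged per packet with no connection state.
    # Assumption: combined with the per-flag settings using AND.
    if established and not (packet_flags & (FLAG_BITS["RST"] | FLAG_BITS["ACK"])):
        return False
    return True

# Constructed sample packets: label -> TCP flags byte.
SAMPLES = {"SYN": 0x02, "SYN+ACK": 0x12, "ACK": 0x10,
           "RST": 0x04, "FIN+PSH+URG": 0x29}

def evaluate(rule):
    """Map each sample packet label to whether the rule matches it."""
    return {name: tcp_flags_match(rule, bits) for name, bits in SAMPLES.items()}

if __name__ == "__main__":
    print("SYN set, ACK clear:", evaluate(compile_rule({"SYN": Match.SET, "ACK": Match.CLEAR})))
    print("Established:       ", evaluate(compile_rule(established=True)))
```

A rule with SYN set and ACK clear matches only the opening SYN of a handshake, while Established matches any packet carrying ACK or RST, because the decision is made on each packet's header alone.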