Home » Netgear Manuals » Hubs & Switches » Netgear XCM89UP » Manual Viewer

Netgear XCM89UP Web Management User Guide - Page 484

Action, Logging, Assign Queue ID, Mirror Interface, Redirect Interface, Match Every, Protocol Type

Add to My Manuals
Save this manual to your list of manuals

Page 484 highlights

M6100 Web Management User Guide 3. Specify the Action to take if a packet matches the rule's criteria. The choices are Permit or Deny. 4. Set Logging to Enable to enable logging for this ACL rule (subject to resource availability in the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a Deny Action. 5. In the Assign Queue ID, specify the hardware egress queue identifier used to handle all packets matching this IP ACL rule. The valid range of Queue IDs is 0 to 6. 6. Use the Mirror Interface field to specify the specific egress interface where the matching traffic stream is copied, in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a Permit Action. 7. Use the Redirect Interface field to specify the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. This field cannot be set if a Mirror Interface is already configured for the ACL rule. This field is enabled for a Permit Action. 8. Select True or False from the Match Every menu. True signifies that all packets will match the selected IP ACL and Rule and will be either permitted or denied. In this case, since all packets match the rule, the option of configuring other match criteria will not be offered. To configure specific match criteria for the rule, remove the rule and re-create it, or re-configure Match Every to False for the other match criteria to be visible. 9. Use the Protocol Type field to specify that a packet's IP protocol is a match condition for the selected IP ACL rule. The possible values are ICMP, IGMP, IP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF, and PIM. 10. In the TCP Flag field, specify that a packet's TCP flag is a match condition for the selected IP ACL rule. The TCP flag values are URG, ACK, PSH, RST, SYN, and FIN. Each TCP flag has the possible values below and can be set separately: • Ignore-A packet matches this ACL rule whether the TCP flag in this packet is set or not. • Set (+)-A packet matches this ACL rule if the TCP flag in this packet is set. • Clear(-)-A packet matches this ACL rule if the TCP flag in this packet is not set. 11. When Established is specified, a match occurs if either RST- or ACK-specified bits are set in the TCP header. These fields are enabled only when TCP protocol is selected. 12. In the Src field, enter a source IP Address, using dotted-decimal notation, to be compared to a packet's source IP Address as a match criteria for the selected IP ACL rule. a. Select the IP Address option and enter an IP address with a relevant wild card mask to apply this criteria. If this field is left empty, it means any. b. When you select the Host option, the wild card mask is configured as 0.0.0.0. If this field is left empty, it means any. The wild card mask determines which bits are used and which bits are ignored. A wild card mask of 0.0.0.0 indicates that none of the bits are important. A wild card of 255.255.255.255 indicates that all of the bits are important. Managing Device Security 484

Section	Page
M6100 Web Management User Guide	1
Contents	3
1. Getting Started	9
Switch Management Interface	9
Web Access	9
Understanding the User Interfaces	10
Using the Web Interface	10
Using SNMP	14
Interface Naming Convention	15
2. Configuring System Information	16
Management	16
System Information	17
System CPU Status	22
Switch Statistics	24
USB Device Information	27
Loopback Interface	29
Network Interface	30
Time	37
DNS	43
SDM Template Preference	45
Green Ethernet Configuration	47
Device View	55
Services	55
DHCP Server	55
DHCP Relay	64
DHCP L2 Relay	65
UDP Relay	67
DHCPv6 Server	70
DHCPv6 Relay	78
Chassis	79
Basic Chassis Configuration	79
Advanced Chassis Configuration	82
NSF	92
PoE	94
Basic	94
Advanced	96
SNMP	99
SNMP V1/V2	99
SNMP V3	104
LLDP	105
LLDP	105
LLDP-MED	113
ISDP	121
Basic	121
Advanced	122
Timer Schedule	126
Timer Global Configuration	126
Timer Schedule Configuration	127
3. Configuring Switching Information	130
VLANs	130
Basic	131
Advanced	132
Auto-VoIP	144
Protocol-based	144
OUI-based	145
iSCSI	148
iSCSI Global Configuration	148
iSCSI Sessions	150
iSCSI Targets Configuration	150
iSCSI Sessions Detailed	151
Spanning Tree Protocol	152
Basic	152
Advanced	154
Multicast	166
MFDB	167
IGMP Snooping	168
MLD Snooping	176
MVR Configuration	182
Basic	183
Advanced	184
Address Table	188
Basic	188
Advanced	189
Ports	192
Port Configuration	192
Port Description	194
Port Transceiver	195
Link Aggregation Groups	196
LAG Configuration	197
LAG Membership	198
Multiswitch Link Aggregation Group	200
Virtual Port Channel Global Configuration	200
Virtual Port Channel Interface Configuration	204
Virtual Port Channel Interface Details	205
Virtual Port Channel Keepalive Statistics	207
Virtual Port Channel Peer Link Statistics	208
4. Routing	211
Routing Table	211
Basic	211
Advanced	213
IP	217
Basic	217
Advanced	223
IPv6	233
IPv6 Basic	233
IPv6 Advanced	235
VLAN	249
VLAN Routing Wizard	249
VLAN Routing Configuration	250
ARP	251
Basic	252
Advanced	252
RIP	256
Basic RIP Configuration	256
Advanced RIP Configuration	256
OSPF	262
Basic OSPF Configuration	262
Advanced OSPF Configuration	263
OSPFv3	294
Basic OSPFv3 Configuration	294
Advanced OSPFv3 Configuration	295
Router Discovery	321
Virtual Router Redundancy Protocol	322
Basic VRRP Configuration	322
Advanced VRRP Configuration	323
Multicast	330
Multicast Mroute Table	331
Multicast Global Configuration	332
Multicast Interface Configuration	333
Multicast DVMRP	333
Multicast IGMP	339
Multicast PIM	347
Multicast Static Routes Configuration	353
Multicast Admin Boundary Configuration	353
IPv6 Multicast	354
IPv6 Multicast Mroute Table	354
IPv6 Multicast PIM	355
IPv6 Multicast MLD	361
IPv6 Multicast Static Routes Configuration	369
5. Configuring Quality of Service	370
Class of Service	370
Basic	371
Advanced	372
Differentiated Services	378
DiffServ Wizard	379
Basic	380
Advanced	382
6. Managing Device Security	395
Management Security Settings	395
Local User	395
Enable Password Configuration	397
Line Password Configuration	398
RADIUS	399
TACACS	404
Authentication List Configuration	406
Login Sessions	411
Configuring Management Access	411
HTTP	411
HTTPS	413
SSH	416
Telnet	419
Console Port	421
Denial of Service Configuration	422
Access Control	424
Port Authentication	427
Basic	427
Advanced	429
Traffic Control	436
MAC Filter	437
Port Security	439
Private Group	442
Protected Ports Configuration	444
Private VLAN	444
Storm Control	448
Control	451
DHCP Snooping	451
IP Source Guard	455
Dynamic ARP Inspection	457
Captive Portal	461
Configuring Access Control Lists	471
ACL Wizard	471
Basic	474
Advanced	479
7. Monitoring the System	496
Ports	496
Port Statistics	496
Port Detailed Statistics	498
EAP Statistics	504
Cable Test	505
Logs	506
Buffered Logs	506
Command Log Configuration	508
Console Log Configuration	508
Syslog Configuration	509
Trap Logs	510
Event Logs	511
Persistent Logs	512
Mirroring	513
Multiple Port Mirroring	513
sFlow	515
Basic	515
Advanced	516
8. Maintenance	519
Save Configuration	519
Save Configuration	519
Auto Install Configuration	520
Reset	520
Device Reboot	520
Power Cycle	521
Factory Default	521
Password Reset	522
Upload File From Switch	522
File Upload	523
HTTP File Upload	524
USB File Upload	525
Download File To Switch	526
File Download	526
HTTP File Download	528
USB File Download	530
File Management	530
Copy	531
Dual Image Configuration	531
Troubleshooting	532
Ping IPv4	532
Ping IPv6	534
Traceroute IPv4	535
Traceroute IPv6	537
Full Memory Dump	538
9. Help	540
Registration	540
Online Help	540
Support	540
User Guide	541
A. Default Settings	542
B. Configuration Examples	545
Virtual Local Area Networks (VLANs)	545
VLAN Example Configuration	546
Access Control Lists (ACLs)	547
MAC ACL Example Configuration	548
Standard IP ACL Example Configuration	549
Differentiated Services (DiffServ)	550
Class	550
DiffServ Traffic Classes	551
Creating Policies	551
DiffServ Example Configuration	552
802.1X	554
802.1X Example Configuration	555
MSTP	556
MSTP Example Configuration	558

Match case Limit results 1 per page

Managing Device Security

484

M6100 Web Management User Guide

Specify the

Action

to take if a packet matches the rule's criteria. The choices are Permit or

Deny.

Set

Logging

to Enable to enable logging for this ACL rule (subject to resource availability in

the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be

generated indicating the number of times this rule was

hit

during the current report interval.

A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL

rule hit count is zero for the current interval. This field is visible for a

Deny

Action.

In the

Assign Queue ID,

specify the hardware egress queue identifier used to handle all

packets matching this IP ACL rule. The valid range of Queue IDs is 0 to 6.

Use the

Mirror Interface

field to specify the specific egress interface where the matching

traffic stream is copied, in addition to being forwarded normally by the device. This field

cannot be set if a Redirect Interface is already configured for the ACL rule. This field is

visible for a

Permit

Action.

Use the

Redirect Interface

field to specify the specific egress interface where the matching

traffic stream is forced, bypassing any forwarding decision normally performed by the device.

This field cannot be set if a Mirror Interface is already configured for the ACL rule. This field

is enabled for a

Permit

Action.

Select True or False from the

Match Every

menu. True signifies that all packets will match

the selected IP ACL and Rule and will be either permitted or denied. In this case, since all

packets match the rule, the option of configuring other match criteria will not be offered. To

configure specific match criteria for the rule, remove the rule and re-create it, or re-configure

Match Every

to False for the other match criteria to be visible.

Use the

Protocol Type

field to specify that a packet's IP protocol is a match condition for the

selected IP ACL rule. The possible values are ICMP, IGMP, IP, TCP, UDP, EIGRP, GRE,

IPINIP, OSPF, and PIM.

10.

In the

TCP Flag

field, specify that a packet's TCP flag is a match condition for the selected

IP ACL rule. The TCP flag values are URG, ACK, PSH, RST, SYN, and FIN. Each TCP flag

has the possible values below and can be set separately:

•

Ignore

—

A packet matches this ACL rule whether the TCP flag in this packet is set or

not.

•

Set (+)

—

A packet matches this ACL rule if the TCP flag in this packet is set.

•

Clear(-)

—

A packet matches this ACL rule if the TCP flag in this packet is not set.

11.

When

Established

is specified, a match occurs if either RST- or ACK-specified bits are set

in the TCP header. These fields are enabled only when TCP protocol is selected.

12.

In the

Src

field, enter a source IP Address, using dotted-decimal notation, to be compared to

a packet's source IP Address as a match criteria for the selected IP ACL rule.

Select the

IP Address

option and enter an IP address with a relevant wild card mask

to apply this criteria. If this field is left empty, it means

any

When you select the

Host

option, the wild card mask is configured as 0.0.0.0. If this

field is left empty, it means

any

The wild card mask determines which bits are used and which bits are ignored. A wild

card mask of 0.0.0.0 indicates that

none

of the bits are important. A wild card of

255.255.255.255 indicates that

all

of the bits are important.