Web Management Guide-R07
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Introduction
- Key Features
- Description of Software Features
- Configuration Backup and Restore
- Authentication
- Access Control Lists
- Port Configuration
- Rate Limiting
- Port Mirroring
- Port Trunking
- Storm Control
- Static MAC Addresses
- IP Address Filtering
- IEEE 802.1D Bridge
- Store-and-Forward Switching
- Spanning Tree Algorithm
- Virtual LANs
- IEEE 802.1Q Tunneling (QinQ)
- Traffic Prioritization
- Quality of Service
- IP Routing
- Address Resolution Protocol
- Multicast Filtering
- Link Layer Discovery Protocol
- System Defaults
- Introduction
- Web Configuration
- Using the Web Interface
- Basic Management Tasks
- Displaying System Information
- Displaying Hardware/Software Versions
- Configuring Support for Jumbo Frames
- Displaying Bridge Extension Capabilities
- Managing System Files
- Setting the System Clock
- Configuring the Console Port
- Configuring Telnet Settings
- Displaying CPU Utilization
- Configuring CPU Guard
- Displaying Memory Utilization
- Resetting the System
- Using Cloud Management
- Interface Configuration
- VLAN Configuration
- Address Table Settings
- Spanning Tree Algorithm
- Congestion Control
- Class of Service
- Quality of Service
- VoIP Traffic Configuration
- Security Measures
- AAA (Authentication, Authorization and Accounting)
- Configuring User Accounts
- Web Authentication
- Network Access (MAC Address Authentication)
- Configuring HTTPS
- Configuring the Secure Shell
- Access Control Lists
- Filtering IP Addresses for Management Access
- Configuring Port Security
- Configuring 802.1X Port Authentication
- DoS Protection
- DHCP Snooping
- IPv4 Source Guard
- ARP Inspection
- Basic Administration Protocols
- Configuring Event Logging
- Link Layer Discovery Protocol
- Power over Ethernet
- Simple Network Management Protocol
- Configuring Global Settings for SNMP
- Setting the Local Engine ID
- Specifying a Remote Engine ID
- Setting SNMPv3 Views
- Configuring SNMPv3 Groups
- Setting Community Access Strings
- Configuring Local SNMPv3 Users
- Configuring Remote SNMPv3 Users
- Specifying Trap Managers
- Creating SNMP Notification Logs
- Showing SNMP Statistics
- Remote Monitoring
- Switch Clustering
- Setting a Time Range
- LBD Configuration
- Smart Pair Configuration
- Multicast Filtering
- Overview
- Layer 2 IGMP (Snooping and Query for IPv4)
- Configuring IGMP Snooping and Query Parameters
- Specifying Static Interfaces for a Multicast Router
- Assigning Interfaces to Multicast Services
- Setting IGMP Snooping Status per Interface
- Filtering IGMP Query Packets and Multicast Data
- Displaying Multicast Groups Discovered by IGMP Snooping
- Displaying IGMP Snooping Statistics
- Filtering and Throttling IGMP Groups
- MLD Snooping (Snooping and Query for IPv6)
- Filtering and Throttling MLD Groups
- Filtering MLD Query Packets on an Interface
- IP Tools
- IP Configuration
- General IP Routing
- Unicast Routing
- Overview
- Configuring the Routing Information Protocol
- Configuring General Protocol Settings
- Clearing Entries from the Routing Table
- Specifying Network Interfaces
- Specifying Passive Interfaces
- Specifying Static Neighbors
- Configuring Route Redistribution
- Specifying an Administrative Distance
- Configuring Network Interfaces for RIP
- Displaying RIP Interface Settings
- Displaying Peer Router Information
- Resetting RIP Statistics
- IP Services
- Appendices
- Glossary
Chapter 12
| Security Measures
Access Control Lists
– 286 –
◆ Action – An ACL can contain any combination of permit or deny rules.
◆ Source Address Type – Specifies the source IP address type. Use “Any” to
include all possible addresses, “Host” to specify a specific host address in the
Address field, or “IPv6-Prefix” to specify a range of addresses. (Options: Any,
Host, IPv6-Prefix; Default: Any)
◆ Destination Address Type – Specifies the destination IP address type. Use
“Any” to include all possible addresses, or “IPv6-Prefix” to specify a range of
addresses. (Options: Any, IPv6-Prefix; Default: Any)
◆ Source/Destination IPv6 Address – An IPv6 address or network class. The
address must be formatted according to RFC 2373 “IPv6 Addressing
Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double
colon may be used in the address to indicate the appropriate number of zeros
required to fill the undefined fields.
◆ Source/Destination Prefix-Length – A decimal value indicating how many
contiguous bits (from the left) of the address comprise the prefix; i.e., the
network portion of the address. (Range: 0-128 bits for the source prefix; 0-8 bits
for the destination prefix)
◆ DSCP – DSCP traffic class. (Range: 0-63)
◆ Next Header - Identifies the type of header immediately following the IPv6
header. (Range: 0-255)
◆ Source Port – Protocol
6
source port number. (Range: 0-65535)
◆ Source Port Bit Mask – Decimal number representing the port bits to match.
(Range: 0-65535)
◆ Destination Port – Protocol
6
destination port number. (Range: 0-65535)
◆ Destination Port Bit Mask – Decimal number representing the port bits to
match. (Range: 0-65535)
◆ Time Range – Name of a time range.
Web Interface
To add rules to an Extended IPv6 ACL:
1. Click Security, ACL.
2. Select Configure ACL from the Step list.
3. Select Add Rule from the Action list.
6. Includes TCP, UDP or other protocol types.