System information

ManualsBrandsNetgear ManualsNetworkingGS752TXS

241

242

243

244

245

246

247

248

249

250

Chapter 7: Managing Device Security | 241

GS752TXS Smart Switch Software Administration Manual

• Logging: When set to Enable, logging is enabled for this ACL rule (subject to

resource availability in the device). If the Access List Trap Flag is also enabled, then

this causes periodic traps to be generated indicating the number of times this rule was

hit during the current report interval. A fixed 5-minute report interval is used for the

entire system. A trap is not issued if the ACL rule hit count is zero for the current

interval. This field is visible for a Deny action.

• Assign Queue ID: Specifies the hardware egress queue identifier used to handle all

packets matching this IPv6 ACL rule. The valid range of Queue IDs is from 0 to 6.

This field is visible for a Permit Action.

• Mirror Interface: Specifies the specific egress interface where the matching traffic

stream is copied in addition to being forwarded normally by the device. This field

cannot be set if a Redirect Interface is already configured for the ACL rule. This field

is visible for a 'Permit' Action.

• Redirect Interface: Specifies the specific egress interface where the matching traffic

stream is forced, bypassing any forwarding decision normally performed by the

device. This field cannot be set if a Mirror Interface is already configured for the ACL

rule. This field is visible for a Permit Action.

• Match Every: Select true or false from the pull down menu. True signifies that all

packets will match the selected IPv6 ACL and Rule and will be either permitted or

denied. In this case, since all packets match the rule, the option of configuring other

match criteria will not be offered. To configure specific match criteria for the rule,

remove the rule and recreate it, or reconfigure Match Every to False for the other

match criteria to be visible.

• Protocol: There are two ways to configure IPv6 protocol:

• Specify an integer ranging from 0 to 255 after selecting protocol keyword “other”.

This number represents the IPv6 protocol.

• Select name of a protocol from the existing list of IPv6, ICMPv6, MLD, TCP, and

UDP.

• Source Prefix/Prefix Length: Specify IPv6 Prefix combined with IPv6 Prefix length of

the network or host from which the packet is being sent. Prefix length can be in the

range (0 to 128).

• Source L4 Port: Specify a packet's source layer 4 port as a match condition for the

selected IPv6 ACL rule. Source port information is optional. Source port information

can be specified in two ways:

• Select keyword “other” from the drop-down menu and specify the number of the

port in the range from 0 to 65535.

• Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP,

SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its

equivalent port number, which is used as both the start and end of the port range.

• Destination Prefix/Prefix Length: Enter up to 128-bit prefix combined with prefix

length to be compared to a packet's destination IP Address as a match criteria for the

selected IPv6 ACL rule. Prefix length can be in the range (0 to 128).