Security
146
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch
packets match the rule, the option of configuring other match criteria is not offered. To
configure specific match criteria for the rule, remove the rule and recreate it, or for
Match Every select Disable for the other match criteria to be visible.
• Protocol. There are two ways to configure IPv6 protocol:
• After selecting protocol keyword other, specify an integer ranging from 0 to 255.
This number represents the IPv6 protocol.
• Select name of a protocol from the existing list of IPv6, ICMPv6, TCP, and UDP.
• Source Prefix and Source Prefix Length. Specify the IPv6 Prefix combined with
IPv6 Prefix length of the network or host from which the packet is being sent. The
valid range for the prefix length is 0–128.
• Source L4 Port. Specify a packet's source layer 4 port as a match condition for the
selected IPv6 ACL rule. Source port information is optional. Source port information
can be specified in two ways:
• Select keyword other from the drop-down list, and specify the number of the port.
The valid range is 0 - 65535.
• Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP,
SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its
equivalent port number, which is used as both the start and end of a port range.
• Destination Prefix and Destination Prefix Length. Enter a prefix of up to 128 bit
combined with prefix length to be compared to a packet's destination IP address as a
match criteria for the selected IPv6 ACL rule. The valid range for a prefix length is 0 -
128.
• Destination L4 Port. Specify a packet's destination layer 4 port as a match condition
for the selected IPv6 ACL rule. Destination port information is optional. Destination
port information can be specified in two ways:
• Select keyword other from the drop-down list, and specify the number of the port.
The valid range is 0 - 65535.
• Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP,
SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its
equivalent port number, which is used as both the start and end of a port range.
• IPv6 DSCP Service. Select the IPv6 DSCP service. If you prefer, you can select the
Other option in the drop-down list and enter the numeric value of the DSCP in the
adjacent field. The DSCP is defined as the high-order 6 bits of the service type octet
in the IPv6 header. This configuration is optional. Enter an integer from 0 to 63.
4. To add an IPv6 rule, select the global check box and click Add.
Click Apply to submit the changes to the switch.
Configuration changes take effect immediately.
IP Binding Configuration
When an ACL is bound to an interface, all the rules that have been defined are applied to the
selected interface. Use the IP Binding Configuration screen to assign ACL lists to ACL
Priorities and Interfaces.
To Next Page
Loading...
