
NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual

Page 814


- Ignore: The packet’s TCP flag is ignored. This is the default setting.

- Set: A packet matches this ACL rule if the TCP flag in this packet is set.

- Clear: A packet matches this ACL rule if the TCP flag in this packet is not set.

NOTE: If the RST and ACK flags are set, the option Established is
available, indicating that a match occurs if either the RST- or
ACK-specified bits are set in the packet’s header.
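
The following sketch models the Ignore, Set, and Clear settings and the Established option in Python. It is an added example, not NETGEAR code or the switch's implementation. It assumes the six standard TCP flag names, that every non-ignored flag criterion must hold for a rule to match, and that Established is modeled as a separate Boolean; the sample packets are constructed.

```python
from enum import Enum

class FlagMatch(Enum):
    IGNORE = "ignore"   # default: the flag is not examined
    SET = "set"         # the flag must be set in the packet
    CLEAR = "clear"     # the flag must not be set in the packet

TCP_FLAGS = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")

def flags_match(rule, packet_flags, established=False):
    """Return True if a packet's TCP flags satisfy the rule.

    rule: dict of flag name -> FlagMatch (missing flags default to IGNORE)
    packet_flags: set of flag names that are set in the packet header
    established: when True, match if RST or ACK is set (see the NOTE)
    """
    unknown = (set(rule) | set(packet_flags)) - set(TCP_FLAGS)
    if unknown:
        raise ValueError(f"unknown TCP flag(s): {sorted(unknown)}")
    if established:
        return bool({"RST", "ACK"} & set(packet_flags))
    for flag in TCP_FLAGS:
        setting = rule.get(flag, FlagMatch.IGNORE)
        present = flag in packet_flags
        if setting is FlagMatch.SET and not present:
            return False
        if setting is FlagMatch.CLEAR and present:
            return False
    return True  # assumption: all non-ignored criteria must hold

# Constructed sample packets, reduced to the flags set in each header.
SAMPLES = {
    "SYN (new connection)": {"SYN"},
    "SYN-ACK (reply)": {"SYN", "ACK"},
    "ACK (data)": {"ACK", "PSH"},
    "RST (reset)": {"RST"},
}

def classify(rule, established=False):
    """Evaluate every sample packet against one rule."""
    return {name: flags_match(rule, flags, established)
            for name, flags in SAMPLES.items()}

if __name__ == "__main__":
    new_conn = {"SYN": FlagMatch.SET, "ACK": FlagMatch.CLEAR}
    print("SYN set / ACK clear:", classify(new_conn))
    print("Established:", classify({}, established=True))
```

In this model, a rule with SYN set and ACK clear matches only the packet that opens a connection, while Established matches reply and reset traffic but not the initial SYN.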

Src: In the Src field, enter a source IP address, using dotted-decimal notation, to
be compared to a packet’s source IP address as a match criterion for the selected
IP ACL rule:

- If you select the IP Address radio button, enter an IP address or an IP address
  range. You can enter a relevant wildcard mask to apply this criterion. If this
  field is left empty, it means any.

- If you select the Host radio button, the wildcard mask is configured as 0.0.0.0.
  If this field is left empty, it means any.

The wildcard mask determines which bits are used and which bits are ignored.
A wildcard mask of 0.0.0.0 indicates that none of the bits are important. A
wildcard of 255.255.255.255 indicates that all of the bits are important.

Src L4: The options are available only if the selection from the Protocol Type
menu is TCP or UDP. Use the source L4 port option to specify relevant matching
conditions for L4 port numbers in the extended ACL rule.

You can select either the Port radio button or the Range radio button:

- Port: If you select the Port radio button, you can either enter the port number
  yourself or select one of the following protocols from the menu:

  - The source IP TCP port protocols are Domain, Echo, FTP, FTP data,
    www-http, SMTP, Telnet, POP2, POP3, and BGP.

  - The source IP UDP port protocols are Domain, Echo, SNMP, NTP, RIP,
    Time, Who, and TFTP.

  Each of these values translates into its equivalent port number, which is used
  as both the start and end of the port range.

  Select Other from the menu to enter a port number. If you select Other from
  the menu but leave the field blank, it means any.

  The relevant matching conditions for L4 port numbers are as follows:

  - Equal: The IP ACL rule matches if the Layer 4 source port number is equal
    to the specified port number or port key.

  - Not Equal: The IP ACL rule matches if the Layer 4 source port number is
    not equal to the specified port number or port key.


Manage Switch Security

Fully Managed Switches M4350 Series Main User Manual