NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual
• TCP Flag: If you select TCP from the Protocol Type menu, for each TCP flag,
  you can specify whether or not a packet’s TCP flag must match. The TCP flag
  values are URG, ACK, PSH, RST, SYN, and FIN. You can set each TCP flag
  separately to one of the following options:
  - Ignore: The packet’s TCP flag is ignored. This is the default setting.
  - Set: A packet matches this ACL rule if the TCP flag in this packet is set.
  - Clear: A packet matches this ACL rule if the TCP flag in this packet is not set.
  NOTE: If the RST and ACK flags are set, the option Established is
  available, indicating that a match occurs if either the RST- or
  ACK-specified bits are set in the packet’s header.
• Src: In the Src field, enter a source IPv6 address or source IPv6 address range to
  be compared to a packet’s source IPv6 address as a match criterion for the
  selected IPv6 ACL rule:
  - If you select the IPv6 Address radio button, enter an IPv6 address or IPv6
    range to apply this criterion. If this field is left empty, it means any.
  - If you select the Host radio button, enter a host source IPv6 address to match
    the specified IPv6 address. If this field is left empty, it means any.
  The source IPv6 address argument must be in the form documented in RFC 2373
  where the address is specified in hexadecimal numbers using 16-bit values
  between colons.
• Src L4: The options are available only if the selection from the Protocol Type
  menu is TCP or UDP. Use the source L4 port option to specify relevant matching
  conditions for L4 port numbers in the IPv6 ACL rule.
  You can either enter the port number yourself or select one of the following
  protocols from the menu:
  - The source IP TCP port protocols are Domain, Echo, FTP, FTP data,
    www-http, SMTP, Telnet, POP2, POP3, and BGP.
  - The source IP UDP port protocols are Domain, Echo, SNMP, NTP, RIP, Time,
    Who, and TFTP.
  Each of these values translates into its equivalent port number, which is used as
  both the start and end of the port range.
  Select Other from the menu to enter a port number. If you select Other from the
  menu but leave the field blank, it means any.
  The only relevant matching condition for L4 port numbers is equal. This means
  that an IPv6 ACL rule matches only if the Layer 4 source port number is equal to
  the specified port number or port protocol.
• Dst: In the Dst field, enter a destination IPv6 address to be compared to a packet’s
  destination IPv6 address as a match criterion for the selected IPv6 ACL rule:
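The TCP Flag (Ignore, Set, Clear, Established) and Src L4 (equal only) criteria described above can be checked offline against raw TCP headers before a rule is deployed. The following is an added example, not code from the NETGEAR manual or the switch firmware; the function names, the rule dictionary keys, and the modeling of Established as a separate boolean are assumptions made for illustration.

```python
import struct

# Bit masks of the six flags in byte 13 of the TCP header (RFC 793).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp(header: bytes):
    """Return (source_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (src_port,) = struct.unpack_from("!H", header, 0)
    return src_port, header[13] & 0x3F

def rule_matches(rule: dict, header: bytes) -> bool:
    """Apply the TCP Flag and Src L4 criteria of one rule (hypothetical model).

    rule["flags"]: flag name -> "ignore" | "set" | "clear" (default "ignore").
    rule["established"]: match only if RST or ACK is set, as in the NOTE.
    rule["src_port"]: exact port to match; None or absent means any.
    """
    src_port, flags = parse_tcp(header)
    want = rule.get("src_port")
    if want is not None and src_port != want:   # "equal" is the only condition
        return False
    if rule.get("established") and not flags & (TCP_FLAGS["RST"] | TCP_FLAGS["ACK"]):
        return False
    for name, setting in rule.get("flags", {}).items():
        if setting not in ("ignore", "set", "clear"):
            raise ValueError(f"unknown setting {setting!r}")
        bit_set = bool(flags & TCP_FLAGS[name])
        if (setting == "set" and not bit_set) or (setting == "clear" and bit_set):
            return False
    return True

def make_header(src_port: int, *flags: str) -> bytes:
    """Build a constructed 20-byte TCP header with the named flags set."""
    bits = sum(TCP_FLAGS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", src_port, 443, 0, 0, 5 << 4, bits, 65535, 0, 0)

# Constructed sample segments and rules.
SYN = make_header(50000, "SYN")
SYN_ACK = make_header(443, "SYN", "ACK")
RST = make_header(443, "RST")
NEW_CONNECTION = {"flags": {"SYN": "set", "ACK": "clear"}}
ESTABLISHED_FROM_443 = {"established": True, "src_port": 443}

if __name__ == "__main__":
    for label, seg in (("SYN", SYN), ("SYN+ACK", SYN_ACK), ("RST", RST)):
        print(label, rule_matches(NEW_CONNECTION, seg),
              rule_matches(ESTABLISHED_FROM_443, seg))
```

A rule with every flag left at Ignore and no source port matches any TCP segment, so the per-flag settings are what narrow a rule.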