NETGEAR AV Line M4250 GSM4210PX 8-Port Gigabit PoE+ Compliant Managed AV Switch with SFP (220W) User Manual

Page 673

Select the Redirect radio button and use the menu to specify the egress
interface to which the matching traffic stream is forced, bypassing any
forwarding decision normally performed by the device.

• Match Every: Select one of the radio buttons to specify whether all packets must
match the selected IP ACL rule:

False: Not all packets need to match the selected IP ACL rule. You can
configure other match criteria on the page.

True: All packets must match the selected IP ACL rule and are either permitted
or denied. In this case, you cannot configure other match criteria on the page.

• Protocol Type: From the menu, select a protocol that a packet’s IP protocol must
be matched against: IP, ICMP, IGMP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF, PIM,
or Other. If you select Other, enter a protocol number from 0 to 255.

• TCP Flag: If you select TCP from the Protocol Type menu, for each TCP flag, you
can specify whether or not a packet’s TCP flag must match. The TCP flag values
are URG, ACK, PSH, RST, SYN, and FIN. You can set each TCP flag separately to
one of the following options:

Ignore: The packet’s TCP flag is ignored. This is the default setting.

Set: A packet matches this ACL rule if the TCP flag in this packet is set.

Clear: A packet matches this ACL rule if the TCP flag in this packet is not set.

Note: If the RST and ACK flags are set, the option Established is available,
indicating that a match occurs if either the RST- or ACK-specified bits are set in
the packet’s header.

• Src: In the Src field, enter a source IP address, using dotted-decimal notation, to
be compared to a packet’s source IP address as a match criterion for the selected
IP ACL rule:

If you select the IP Address radio button, enter an IP address or an IP address
range. You can enter a relevant wildcard mask to apply this criterion. If this field
is left empty, it means any.

If you select the Host radio button, the wildcard mask is configured as 0.0.0.0.
If this field is left empty, it means any.

The wildcard mask determines which bits are used and which bits are ignored.
A wildcard mask of 0.0.0.0 indicates that none of the bits are important. A
wildcard of 255.255.255.255 indicates that all of the bits are important.

• Src L4: The options are available only if the selection from the Protocol Type
menu is TCP or UDP. Use the source L4 port option to specify relevant matching
conditions for L4 port numbers in the extended ACL rule.
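
The Ignore, Set, and Clear options and the Established option described under TCP Flag above, modeled in Python as an added example (not NETGEAR code, and not part of the manual). The function names and the sample headers are constructed for illustration; Established is implemented as the note words it, matching when the RST or ACK bit is set.

```python
import struct

# TCP flag bits in byte 13 of the TCP header.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def make_header(flags, sport=40000, dport=443):
    """Build a constructed 20-byte TCP header (sample data, not a capture)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)


def tcp_flags(header):
    """Extract the six flag bits the manual lists from a raw TCP header."""
    if len(header) < 14:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F


def flags_match(flags, rule=None, established=False):
    """Evaluate one packet's flag bits against one rule's TCP Flag settings.

    rule maps a flag name to 'ignore', 'set' or 'clear'; unlisted flags are
    ignored (the default). established=True models the Established option:
    the rule matches when RST or ACK is set.
    """
    if established:
        return bool(flags & (FLAG_BITS["RST"] | FLAG_BITS["ACK"]))
    for name, setting in (rule or {}).items():
        present = bool(flags & FLAG_BITS[name.upper()])
        if setting == "ignore":
            continue
        if setting not in ("set", "clear"):
            raise ValueError(f"unknown setting {setting!r} for {name}")
        if present != (setting == "set"):
            return False
    return True


if __name__ == "__main__":
    new_conn = {"SYN": "set", "ACK": "clear"}  # connection-opening segments only
    for label, bits in [("SYN", 0x02), ("SYN+ACK", 0x12), ("ACK", 0x10), ("RST", 0x04)]:
        f = tcp_flags(make_header(bits))
        print(f"{label:8} new_conn={flags_match(f, new_conn)!s:5} "
              f"established={flags_match(f, established=True)}")
```

Because the match looks only at flag bits in the current packet, Established is a stateless test: it does not confirm that a connection was ever opened.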

Manage Switch Security

AV Line of Fully Managed Switches M4250 Series Main User Manual