NETGEAR MS510TXPP 8 Port Gigabit PoE Managed Switch User Manual
Page 281
Smart Managed Pro Switches MS510TX and MS510TXPP
Manage Device Security
User Manual
281
•
Src IP Mask
. In the
Src IP Mask
field, enter a source IP mask, using dotted-decimal
notation, to be compared to a packet’s source IP mask as a match criterion for the
selected IP ACL rule.
Wildcard masks determine which bits are used and which bits are ignored. A wildcard
mask of 255.255.255.255 indicates that
none
of the bits are important. A wildcard
mask of 0.0.0.0 indicates that
all
of the bits are important. Wildcard masking for ACLs
operates differently from a subnet mask. A wildcard mask is in essence the inverse of
a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24
subnet, enter 0.0.0.255 in the
Src IP Mask
field. This field is required when you
configure a source IP address.
•
Source L4 port
. The options are available only when the protocol is set to TCP or UDP.
Use the source L4 port option to specify relevant matching conditions for L4 port
numbers in the extended ACL rule.
The source port protocols are
domain
,
echo
,
ftp
,
ftpdata
,
http
,
smtp
,
snmp
,
telnet
,
tftp
, and
www
. Each of these values translates into its equivalent port number.
Select
Other
from the menu to enter a port number from 0 to 65535.
•
Destination IP Address
. In the
Destination IP Address
field, enter a destination IP
address, using dotted-decimal notation, to be compared to a packet’s destination IP
address as a match criterion for the selected IP ACL rule.
•
Dst IP Mask
. In the
Dst IP Mask
field, enter a destination IP mask, using
dotted-decimal notation, to be compared to a packet’s destination IP mask as a match
criterion for the selected IP ACL rule.
Wildcard masks determine which bits are used and which bits are ignored. A wildcard
mask of 255.255.255.255 indicates that
none
of the bits are important. A wildcard
mask of 0.0.0.0 indicates that
all
of the bits are important. Wildcard masking for ACLs
operates differently from a subnet mask. A wildcard mask is in essence the inverse of
a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24
subnet, enter 0.0.0.255 in the
Dst IP Mask
field. This field is required when you
configure a destination IP address.
•
Destination L4 port
. The options are available only when the protocol is set to TCP or
UDP. Use the destination L4 port option to specify relevant matching conditions for L4
port numbers in the extended ACL rule.
The destination port protocols are
domain
,
echo
,
ftp
,
ftpdata
,
http
,
smtp
,
snmp
,
telnet
,
tftp
, and
www
. Each of these values translates into its equivalent port number.
Select
Other
from the menu to enter a port number from 0 to 65535.
•
Service Type
. Select either the
None
radio button to ignore a service type match
condition or the
IP DSCP
radio button for an IP DSCP service type match condition
for the extended IP ACL rule.
If you select the
IP DSCP
radio button, select one of the IP DiffServ Code Point
(DSCP) keywords from the menu. The DSCP is defined as the high-order 6 bits of the
service type octet in the IP header. To specify a numeric value, select
Other
from the
menu and enter a numeric value from 0 to 63.