
NETGEAR MS510TXPP 8 Port Gigabit PoE Managed Switch User Manual


Smart Managed Pro Switches MS510TX and MS510TXPP

Manage Device Security

User Manual


Src IP Mask. In the Src IP Mask field, enter a source IP mask, using dotted-decimal notation, to be compared to a packet’s source IP mask as a match criterion for the selected IP ACL rule.

Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that none of the bits are important. A wildcard mask of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter 0.0.0.255 in the Src IP Mask field. This field is required when you configure a source IP address.

Source L4 port. The options are available only when the protocol is set to TCP or UDP. Use the source L4 port option to specify relevant matching conditions for L4 port numbers in the extended ACL rule.

The source port protocols are domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www. Each of these values translates into its equivalent port number. Select Other from the menu to enter a port number from 0 to 65535.

Destination IP Address. In the Destination IP Address field, enter a destination IP address, using dotted-decimal notation, to be compared to a packet’s destination IP address as a match criterion for the selected IP ACL rule.

Dst IP Mask. In the Dst IP Mask field, enter a destination IP mask, using dotted-decimal notation, to be compared to a packet’s destination IP mask as a match criterion for the selected IP ACL rule.

Wildcard masks determine which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that none of the bits are important. A wildcard mask of 0.0.0.0 indicates that all of the bits are important. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. For example, to apply the rule to all hosts in the 192.168.1.0/24 subnet, enter 0.0.0.255 in the Dst IP Mask field. This field is required when you configure a destination IP address.
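The wildcard-mask comparison described for the Src IP Mask and Dst IP Mask fields, as an added Python example that is not part of the NETGEAR manual. The function names are hypothetical and the logic assumes the bit semantics stated above (a 0 bit is compared, a 1 bit is ignored); it also flags a subnet mask entered in place of a wildcard mask, which makes a rule cover hosts it was not meant to.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(addr: str) -> int:
    """Dotted-decimal IPv4 string -> 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(addr))

def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard mask for a /prefix_len subnet: the inverse of its subnet mask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def wildcard_match(rule_addr: str, wildcard: str, packet_addr: str) -> bool:
    """Compare only the bits whose wildcard bit is 0; bits set to 1 are ignored."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(rule_addr) & care) == (to_int(packet_addr) & care)

def looks_like_subnet_mask(mask: str) -> bool:
    """True for contiguous ones-then-zeros (e.g. 255.255.255.0), a common entry error."""
    m = to_int(mask)
    inv = ~m & MASK32
    return m not in (0, MASK32) and (inv & (inv + 1)) == 0

if __name__ == "__main__":
    # Constructed sample rule and packets, using the manual's 192.168.1.0/24 case.
    rule_ip, rule_wc = "192.168.1.0", wildcard_for_prefix(24)
    for pkt in ("192.168.1.77", "192.168.2.77"):
        print(pkt, "matches" if wildcard_match(rule_ip, rule_wc, pkt) else "no match")
    # The same rule with a subnet mask typed into the mask field by mistake.
    bad = "255.255.255.0"
    print("subnet mask entered?", looks_like_subnet_mask(bad))
    for pkt in ("192.168.1.77", "10.9.8.0"):
        print(pkt, wildcard_match(rule_ip, bad, pkt))
```

With 255.255.255.0 entered as the wildcard, only the last octet is compared, so 10.9.8.0 matches the rule while 192.168.1.77 does not.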

Destination L4 port. The options are available only when the protocol is set to TCP or UDP. Use the destination L4 port option to specify relevant matching conditions for L4 port numbers in the extended ACL rule.

The destination port protocols are domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www. Each of these values translates into its equivalent port number. Select Other from the menu to enter a port number from 0 to 65535.

Service Type. Select either the None radio button to ignore a service type match condition or the IP DSCP radio button for an IP DSCP service type match condition for the extended IP ACL rule.

If you select the IP DSCP radio button, select one of the IP DiffServ Code Point (DSCP) keywords from the menu. The DSCP is defined as the high-order 6 bits of the service type octet in the IP header. To specify a numeric value, select Other from the menu and enter a numeric value from 0 to 63.