S350 Series 24-Port (PoE+) and 48-Port Gigabit Ethernet Smart Managed Pro Switches
Manage Device Security User Manual 284
For models GS324T and GS324TP, the range for the queue ID is from 0 to 3. For
model GS348T, the range for the queue ID is from 0 to 7.
- Deny. Drop packets that meet the ACL criteria.
• Logging. If the selection from the Action menu is Deny, you can enable logging
for the ACL by selecting the Enable radio button. (Logging is subject to resource
availability in the device.)
If you enable logging and you also enable ACL system traps (see Configure
SNMPv1/v2 Trap Flags on page 82), an SNMP trap is sent when a packet matches
this ACL rule.
• Interface. For a Permit action, use either a mirror interface or a redirect interface:
- Select the Mirror radio button and use the menu to specify the egress interface to
which the matching traffic stream is copied, in addition to being forwarded
normally by the device.
- Select the Redirect radio button and use the menu to specify the egress interface
to which the matching traffic stream is forced, bypassing any forwarding decision
normally performed by the device.
• Match Every. Select one of the radio buttons to specify whether all packets must
match the selected IP ACL rule:
- False. Not all packets need to match the selected IP ACL rule. You can configure
other match criteria on the page.
- True. All packets must match the selected IP ACL rule and are either permitted or
denied. In this case, you cannot configure other match criteria on the page.
• Protocol Type. From the menu, select a protocol that a packet’s IP protocol must be
matched against: IP, ICMP, IGMP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF, PIM, or
Other. If you select Other, enter a protocol number from 0 to 255.
• Src. In the Src field, enter a source IP address, using dotted-decimal notation, to be
compared to a packet’s source IP address as a match criterion for the selected IP
ACL rule:
- If you select the IP Address radio button, enter an IP address or an IP address
range. You can enter a relevant wildcard mask to apply this criterion. If this field is
left empty, it means any.
- If you select the Host radio button, the wildcard mask is configured as 0.0.0.0. If
this field is left empty, it means any.
The wildcard mask determines which bits are used and which bits are ignored. A
wildcard mask of 0.0.0.0 indicates that none of the bits are important. A wildcard of
255.255.255.255 indicates that all of the bits are important.
• Src L4. The options are available only when the protocol is set to TCP or UDP. Use the
source L4 port option to specify relevant matching conditions for L4 port numbers in
the extended ACL rule.
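
The field constraints described above can be checked on a planned rule before it is entered in the web interface. The following is an added example, not part of the NETGEAR manual or firmware; the dictionary keys (action, queue_id, logging, mirror, redirect, match_every, protocol, protocol_number, src, src_l4) and the function name lint_rule are hypothetical, and the sample rules are constructed.

```python
# Added example: field names below are hypothetical, not the switch's API.
QUEUE_MAX = {"GS324T": 3, "GS324TP": 3, "GS348T": 7}   # queue ID ranges from the page
PROTOCOLS = {"IP", "ICMP", "IGMP", "TCP", "UDP", "EIGRP",
             "GRE", "IPINIP", "OSPF", "PIM", "Other"}
MATCH_FIELDS = ("protocol", "protocol_number", "src", "src_l4")

def lint_rule(model, rule):
    """Return a list of problems found in one planned IP ACL rule (a dict)."""
    problems = []
    action = rule.get("action")
    if action not in ("Permit", "Deny"):
        problems.append("action must be Permit or Deny")
    queue = rule.get("queue_id")
    if queue is not None:
        if model not in QUEUE_MAX:
            problems.append(f"unknown model {model}")
        elif not 0 <= queue <= QUEUE_MAX[model]:
            problems.append(f"queue_id {queue} outside 0-{QUEUE_MAX[model]} for {model}")
    if rule.get("logging") and action != "Deny":
        problems.append("logging is available only when the action is Deny")
    mirror, redirect = rule.get("mirror"), rule.get("redirect")
    if (mirror or redirect) and action != "Permit":
        problems.append("mirror/redirect interfaces apply to Permit only")
    if mirror and redirect:
        problems.append("choose a mirror or a redirect interface, not both")
    if rule.get("match_every"):
        # Match Every = True: no other match criteria may be configured.
        extra = [f for f in MATCH_FIELDS if rule.get(f) is not None]
        if extra:
            problems.append("match_every=True excludes other criteria: " + ", ".join(extra))
        return problems
    proto = rule.get("protocol")
    if proto is not None and proto not in PROTOCOLS:
        problems.append(f"protocol {proto!r} is not in the menu")
    number = rule.get("protocol_number")
    if proto == "Other" and (number is None or not 0 <= number <= 255):
        problems.append("protocol Other needs a number from 0 to 255")
    if rule.get("src_l4") is not None and proto not in ("TCP", "UDP"):
        problems.append("src_l4 requires protocol TCP or UDP")
    return problems

# Constructed sample rules (not taken from the manual)
GOOD = {"action": "Deny", "logging": True, "protocol": "TCP", "src": "192.0.2.10", "src_l4": 23}
BAD = {"action": "Permit", "logging": True, "queue_id": 5, "protocol": "ICMP", "src_l4": 80}

if __name__ == "__main__":
    for name, rule in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_rule("GS324T", rule) or "ok")
```

The same BAD rule passes the queue check on a GS348T, because that model accepts queue IDs up to 7.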