NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual

Page 813

The page that displays lets you configure the extended rule.

8. Configure the following options for the rule:

Sequence Number: Enter a number in the range from 1 to 2147483647 that is
used to identify the rule. An extended IP ACL can contain up to 1023 rules.

Action: Select the ACL forwarding action, which is one of the following:

- Permit: Forward packets that meet the ACL criteria.

Egress Queue: If the selection from the Action menu is Permit, select the
hardware egress queue identifier that is used to handle all packets matching
this IP ACL rule. The range of queue IDs is from 0 to 6.

- Deny: Drop packets that meet the ACL criteria.

This option is available if the selection from the Action menu is Deny.

If you select Enable, logging is enabled for this ACL rule (subject to resource
availability on the switch).

If the access list trap flag is also enabled, periodic traps are generated,
indicating the number of times the rule was evoked during the report interval,
which is fixed at five minutes.

Interface: For a Permit action, use either a mirror interface or a redirect interface:

- Select the Mirror radio button and use the menu to specify the egress interface
to which the matching traffic stream is copied, in addition to being forwarded
normally by the device.

- Select the Redirect radio button and use the menu to specify the egress
interface to which the matching traffic stream is forced, bypassing any
forwarding decision normally performed by the device.

Match Every: Select one of the radio buttons to specify whether all packets must
match the selected IP ACL rule:

- False: Not all packets need to match the selected IP ACL rule. You can
configure other match criteria on the page.

- True: All packets must match the selected IP ACL rule and are either permitted
or denied. In this case, you cannot configure other match criteria on the page.

Protocol Type: From the menu, select a protocol that a packet’s IP protocol must
be matched against: IP, ICMP, IGMP, TCP, UDP, EIGRP, GRE, IPINIP, OSPF,
PIM, or Other. If you select Other, enter a protocol number from 0 to 255.

TCP Flag: If you select TCP from the Protocol Type menu, for each TCP flag,
you can specify whether or not a packet’s TCP flag must match. The TCP flag
values are URG, ACK, PSH, RST, SYN, and FIN. You can set each TCP flag
separately to one of the following options:
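Added example, not part of the NETGEAR manual: a Python check that a planned extended IP ACL rule is consistent with the option limits stated on this page before it is entered in the UI. The dictionary field names, the sample interface name, and the unique-sequence-number check are assumptions; TCP flag settings are not validated because the option list is cut off on this page.

```python
# Added example: lint planned extended IP ACL rules against the limits on this page.
# Field names (seq, action, queue, logging, ...) are hypothetical, not NETGEAR identifiers.
PROTOCOLS = {"IP", "ICMP", "IGMP", "TCP", "UDP", "EIGRP", "GRE", "IPINIP", "OSPF", "PIM", "Other"}
TCP_FLAGS = {"URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def check_rule(r):
    """Return a list of problems for one rule dict; an empty list means consistent."""
    errs = []
    if not 1 <= r.get("seq", 0) <= 2147483647:
        errs.append("sequence number outside 1-2147483647")
    action = r.get("action")
    if action not in ("Permit", "Deny"):
        errs.append("action must be Permit or Deny")
    if "queue" in r:
        if action != "Permit":
            errs.append("egress queue applies only to Permit")
        elif not 0 <= r["queue"] <= 6:
            errs.append("egress queue outside 0-6")
    if r.get("logging") and action != "Deny":
        errs.append("logging is available only for Deny")
    if r.get("mirror") and r.get("redirect"):
        errs.append("choose mirror or redirect, not both")
    if (r.get("mirror") or r.get("redirect")) and action != "Permit":
        errs.append("mirror/redirect applies only to Permit")
    if r.get("match_every") and any(k in r for k in ("protocol", "tcp_flags")):
        errs.append("Match Every True excludes other match criteria")
    proto = r.get("protocol")
    if proto is not None and proto not in PROTOCOLS:
        errs.append("unknown protocol type")
    if proto == "Other" and not 0 <= r.get("protocol_number", -1) <= 255:
        errs.append("Other needs a protocol number 0-255")
    flags = r.get("tcp_flags", ())
    if flags and proto != "TCP":
        errs.append("TCP flags require protocol TCP")
    if set(flags) - TCP_FLAGS:
        errs.append("unknown TCP flag")
    return errs

def check_acl(rules):
    """Check every rule plus ACL-wide limits; unique sequence numbers are an assumption."""
    errs = {r.get("seq"): e for r in rules if (e := check_rule(r))}
    if len(rules) > 1023:
        errs["acl"] = ["more than 1023 rules"]
    elif len({r.get("seq") for r in rules}) != len(rules):
        errs["acl"] = ["duplicate sequence numbers"]
    return errs

# Constructed sample rule: a Deny rule that wrongly carries a Permit-only queue.
SAMPLE = {"seq": 20, "action": "Deny", "queue": 2, "logging": True, "protocol": "UDP"}
if __name__ == "__main__":
    print(check_rule(SAMPLE))
```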

Manage Switch Security

Fully Managed Switches M4350 Series Main User Manual