xStack® DGS-3120 Series Managed Switch Web UI Reference Guide
163
offset_chunk_1 0 0x0000ffff will match packet byte offset,0,1
NOTE:
Only one packet_content_mask profile can be created.
With this advanced unique Packet Content Mask (also known as Packet Content Access Control List -
ACL), the
D-Link xStack
®
switch family can effectively mitigate some network attacks like the
common ARP Spoofing attack that is wide spread today. This is why the Packet Content
ACL is able to inspect any specified content of a packet in different protocol layers.
Click the
Select
button to select an ACL type.
Click the
Create
button
to create a profile.
Click the
<<Back
button to discard the changes made and return to the previous page.
After clicking the
Show Details
button, the following page will appear:
Figure 7–19 Access Profile Detail Information (Packet Content ACL)
Click the
Show All Profiles
button to navigate back to the
Access Profile List
Page.
NOTE:
Address Resolution Protocol (ARP) is the standard for finding a host’s hardware address (MAC
address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN
(i.e. an ARP spoofing attack). For a more detailed explanation on how ARP protocol works and
how to employ D-Link’s unique Packet Content ACL to prevent ARP spoofing attack, please
see Appendix E at the end of this manual.
After clicking the
Add/View Rules
button, the following page will appear:
Figure 7–20 Access Rule List (Packet Content ACL)
Click the
Add Rule
button to create a new ACL rule in this profile.
Click the
<<Back
button to return to the previous page.
Click the
Show Details
button to view more information about the specific rule created.
Click the
Delete Rules
button to remove the specific entry.
Enter a page number and click the
Go
button to navigate to a specific page when multiple pages exist.
After clicking the
Add Rule
button, the following page will appear:
Summary of Contents for DGS-3120-24PC-EI
Page 1: ......