8-Port Gigabit (PoE+) Ethernet Smart Managed Pro Switch with (2 SFP or 2 Copper Ports and)
Cloud
Management
Manage Device Security
User Manual
396
•
Logging
. If you select the
Deny
radio button, you can enable logging for the ACL by
selecting the
Enable
radio button. (Logging is subject to resource availability in the
device.)
If the access list trap flag is also enabled, periodic traps are generated, indicating the
number of times this rule was evoked during the report interval. A fixed five-minute
report interval is used for the switch. A trap is not issued if the ACL rule hit count is
zero for the current interval.
•
Interface
. For a Permit action, use either a mirror interface or a redirect interface:
-
Select the
Mirror
radio button and use the menu to specify the egress interface to
which the matching traffic stream is copied, in addition to being forwarded
normally by the device.
-
Select the
Redirect
radio button and use the menu to specify the egress interface
to which the matching traffic stream is forced, bypassing any forwarding decision
normally performed by the device.
•
Match Every
. Select whether all packet must match the selected IPv6 ACL rule:
-
False
. Not all packets need to match the selected IPv6 ACL rule. You can
configure other match criteria on the page.
-
True
. All packets must match the selected IPv6 ACL rule and are either permitted
or denied. In this case, you cannot configure other match criteria on the page.
•
Protocol Type
. Specify the IPv6 protocol type in one of the following ways:
-
From the
Protocol Type
menu, select
IPv6
,
ICMPv6
,
TCP
, or
UDP
.
-
From the
Protocol Type
menu, select
Other
, and in the associated field, specify
an integer ranging from 0 to 255. This number represents the IPv6 protocol.
•
Src
. In the
Src
field, enter a source IPv6 address or source IPv6 address range to be
compared to a packet’s source IPv6 address as a match criterion for the selected
IPv6 ACL rule:
-
If you select the
IPv6 Address
radio button, enter an IPv6 address or IPv6 range
to apply this criteria. If this field is left empty, it means
any
.
-
If you select the
Host
radio button, enter a host source IPv6 address to match the
specified IPv6 address. If this field is left empty, it means
any
.
The source IPv6 address argument must be in the form documented in RFC 2373
where the address is specified in hexadecimal numbers using 16-bit values between
colons.
•
Src L4
. The options are available only when the protocol is set to TCP or UDP. Use the
source L4 port option to specify relevant matching conditions for L4 port numbers in
the extended ACL rule.
You can select either the
Port
radio button or the
Range
radio button:
-
Port
. If you select the
Port
radio button, you can either enter the port number
yourself or select one of the following protocols from the menu:
•
The source IP TCP port protocols are
domain
,
echo
,
ftp
,
ftpdata
,
www-http
,
smtp
,
telnet
,
pop2
,
pop3
, and
bgp
.