Add Packet Content ACL Profile | D-Link DGS-3700 specs

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

Figure 6 - 22 Add Packet Content ACL Profile

Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create. To return to the Access Profile List page click Previous

Page.

The following parameters can be set, for Packet Content:

Parameter		Description

Chunk	Allows users to examine up to 4 specified offset_chunks within a packet at one time and specifies
	the frame content offset and mask. There are 4 chunk offsets and masks that can be configured. A
	chunk mask presents 4 bytes. 4 offset_chunks can be selected from a possible 32 predefined
	offset_chunks as described below:
	offset_chunk_1,
	offset_chunk_2,
	offset_chunk_3,
	offset_chunk_4.

		chunk0	chunk1		chunk2	……	chunk29	chunk30	chunk31

		B126,	B2,		B6,	……	B114,	B118,	B122,
		B127,	B3,		B7,		B115,	B119,	B123,
		B0,	B3,		B7,		B115,	B119,	B123,
		B0,	B4,		B8,		B116,	B120,	B124,
		B1	B4,		B8,		B116,	B120,	B124,
		B1	B5		B9		B117	B121	B125
			B5		B9		B117	B121	B125

		Example:
		offset_chunk_1 0		0xffffffff will match packet byte offset 126,127,0,1
		offset_chunk_1 0		0xffff will match packet byte offset,0,1
		Note: Only one packet_content_mask profile can be created.
		With this advanced unique Packet Content Mask (also known as Packet Content Access Control
		List - ACL), the D-Link switch family can effectively mitigate some network attacks like the
		common ARP Spoofing attack that is wide spread today. This is why the Packet Content ACL is

202

Image 213

Contents

Copyright 2009. All rights reserved Page Table of Contents DDM L2 Features QoS Security ACL Save Services and Tools 258 Preface Typographical Conventions Intended Readers Introduction Login to Web Manager Areas of the User Interface Web-based User Interface Web Pages AreaArea Function Page Configuration System Information Device Information Fields that can be configured are described below Serial Port SettingsParameter Description Baud Rate Auto Logout IP Address IP Address Settings window Dhcp Bootp Setting the Swith’s IP Address using the Console Interface Interface Settings IPv6 Network Parameter Description Interface NameAddress IPv6 State IPv6 Route Settings IPv6 Neighbor SettingsAutomatic Link Local Address Port Settings Port ConfigurationNeighbor IPv6 Address Link Layer MAC Port Description Port Error Disabled Static ARP Settings User Accounts New Password Admin, Operator and User PrivilegesPassword Management Admin Operator User User Account Management Admin, Operator and User Privileges System Log Configuration System Log SettingsSystem Log Server Server IP Address Parameter Description Server IDUDP Port 514 or Severity System Severity Settings Parameter Description System SeveritySeverity Level Dhcp Relay Dhcp Relay Global Settings Information Option Dhcp Relay AgentCheck Policy Implementation of Dhcp Information Option 82 on the Switch Circuit ID sub-option formatRemote ID sub-option format Dhcp Relay Option 60 Default Settings Dhcp Relay Interface SettingsParameter Description Relay IP Address Mode Dhcp Relay Option 61 Default Settings Dhcp Relay Option 60 Settings Dhcp Relay Option 61 Settings Out of Band Management SettingsParameter Description Client ID Relay Rule Dhcp Auto Configuration Settings External Alarm SettingsParameter Description IP Address Link Status Web Settings Telnet SettingsMAC Address Aging Time Clipaging Settings Password EncryptionFirmware Information Parameter Description Update Time Dual Configuration SettingsVersion Size Bytes Ping Test Timeout Local Loopback Ports SettingsIPv6 Ping Test Size Vlan Counter Settings Time Settings Sntp Settings Hhmm TimeZone Settings MAC Notification Global Settings MAC Notification Settings ParameterDescription MAC Notification Port Settings Snmp Settings TrapsMIBs Snmp View Table Snmp Global State SettingsParameter Description View Name Subtree OID Snmp Group Table Snmp User Table Parameter Description Community Name Snmp Community Table Snmp v6Host Table Snmp Host Table Community Snmp Engine IDString/SNMPv3 User Name Snmp Trap Configuration Time Range SettingsParameter Description Range Name Hours SFlow Analyzer Server Settings SFlow Global State SettingsSFlow ParameterDescription Analyzer Server ID SFlow Flow Sampler Settings Following parameters can be configured SFlow Counter Poller Settings Single IP Management Upgrade to Single IP Settings Topology Remote Port Parameter Description Device NameSpeed Local Port Icon Description 62 Topology view 63 Device Information Utilizing the Tool Tip Tool Tips Group Icon Right-Click Commander Switch Icon Member Switch IconCandidate Switch Icon Menu Bar Configuration File Backup/Restore Firmware Upgrade DDM Settings Upload Log FileBrowse DDM Status List DDM Temperature Threshold Settings DDM Bias Current Threshold Settings DDM Voltage Threshold Settings DDM Rx Power Threshold Settings DDM Tx Power Threshold Settings Parameter Description From Port / To Port Jumbo Frame window Jumbo Frame VLANs Understanding Ieee 802.1p PriorityVlan Description Ieee 802.1Q Packet Forwarding Ieee 802.1Q VLANs Ieee 802.1Q Tag 802.1Q Vlan Tags Port Vlan ID Tagging and UntaggingIngress Filtering Port-based VLANs Default VLANsVlan Segmentation VID Vlan and Trunk Groups Double VLANsDestination Source Spvlan Tpid + Double Vlan Example Regulations for Double VLANs Current 802.1Q Static VLANs Entries window 802.1Q Vlan 802.1Q Vlan window Add/Edit Vlan Tab Advertisement Port SettingsTagged Untagged 10 802.1Q Vlan window Vlan Batch Settings window Vlan Precedence Settings Subnet Vlan SettingsSubnet Vlan Vlan ID In-Q Settings In-QVlan Precedence Vlan Translation Settings In-Q and Vlan Translation Rules For ingress untagged packets at UNI portsFor ingress tagged packets at UNI ports 802.1v Protocol Vlan 802.1v Protocol Group Settings 802.1p Priority 802.1v Protocol Vlan SettingsCheck the Select All Ports box Search Port List Gvrp Settings Rspan Settings Gvrp Global Settings GvrpPvid Pvid Auto Assign Settings MAC-based Vlan SettingsLeave All Time NNI Bpdu Understanding Port Trunk Groups Port Trunking Master Port Parameter Description AlgorithmActive Port Member Ports Activity Lacp Port Settings Forward Portlist Traffic Segmentation 27 Bpdu Tunneling window Bpdu Tunneling Settings Igmp Snooping Igmp Snooping SettingsRate Limit Querier IP Max Response Time Query IntervalRobustness Value 255 Igmp Snooping Static Group Settings Igmp Snooping Rate Limit Settings Igmp Multicast Group Profile Settings Igmp Snooping Multicast Vlan SettingsFollowing fields can be set IPv4 Multicast Profile Settings IPv4 Max Multicast Group Settings IPv4 Limited Multicast Range Settings MLD Snooping Settings MLD SnoopingMLD Control Messages Query Interval 1-65535 sec Query Expiry TimeMax Response Time 25 sec 43 MLD Snooping Router IP Settings Modify window MLD Snooping Rate Limit Settings MLD Snooping Static Group Settings MLD Multicast Group Profile SettingsIPv6 Address MLD Snooping Multicast Vlan Settings 1,6 Source Port1,6 Tagged Member Port e.g.1-4,6 IPv6 Multicast Profile Settings IPv6 Max Multicast Group Settings IPv6 Limited Multicast Range Settings 55 Port Mirror window Port Mirror Recover Time Loopback Detection SettingsParameter Description LBD State Trap Status 802.1w Rapid Spanning Tree Spanning TreePort Transition States Edge Port 802.1D and 802.1w Compatibility P2P Port STP Bridge Global Settings NNI Bpdu Address Max Hops External Cost 0=Auto STP Port Settings P2P MST Configuration Identification Parameter Description Configuration Name STP Instance SettingsRevision Level Msti ID Instance ID Mstp Port InformationInternal Path cost 200000000 Forwarding & Filtering Unicast ForwardingMulticast Forwarding Multicast MAC Multicast Filtering Mode Lldp Global Settings Admin Status Lldp Port SettingsParameter Description From Port /To Port Notification Lldp Basic TLVs Settings Lldp Management Address ListParameter Description Address Vlan Lldp Dot1 TLVs Settings Lldp Dot3 TLVs Settings Lldp Statistics SystemMAC/PHY 72 Lldp Statistics System window Lldp Local Port Information Lldp Remote Port Information CFM Port Settings CFM CCM PDUs Forwarding Mode CFM MPs Reply LTRsCFM Mipccm List Connectivity Fault Management CreateMD Connectivity Fault Management SettingsConnectivity Fault Management SettingsMD Parameter Description CFM State MIP CFM Loopback SettingsMEP LBM CFM Linktrace Settings Ethernet OAM Ethernet OAM SettingsRemote Loopback Received Remote Ethernet OAM Configuration Settings Advantages of QoS QoS Understanding QoS Mapping QoS on the SwitchPage HOL Blocking Pevention Bandwidth ControlNo Limit Traffic Control window Traffic Control Settings Traffic Trap Setting Traffice TrapCount Down Time Interval 802.1p Default Priority window 802.1p Default Priority QoS Scheduling Mechanism 802.1p User Priority QoS Scheduling SchedulingMechanism Class ID Band Manage Settings Band Manage Settings Sred Settings Click Apply to implement changes 141 Dscp Trust Settings Dscp Map SettingsSred Drop Counter Dscp List0-63 Dscp Map 802.1p Map Settings Priority List0-7Color Security Safeguard Engine Safeguard Engine window IMP Binding Global Settings Trusted HostIP-MAC-Port Binding Parameter ACL Mode Trap / Log Dhcp Snoop State IMP Binding Port Settings Forward Dhcp Allow Zero IPPacket Max Entry Ports IMP Binding Entry Settings Port Security Port Security Port SettingsDhcp Snooping Entries MAC Block List Admin State Port Security Vlan SettingsLock Address Max. Learning Port Security Entries Dhcp Server Screening SettingsVlan ID e.g.1,4-6 Max Learning Dhcp Screening Port Settings Dhcp Offer FilteringParameterDescription Server IP Address Authentication Server 802.1X Port-Based and Host-Based Access Control802.1X Client’s MAC Address 16 The Authentication Server Authenticator Client Authentication Process 20 Example of Typical Port-Based Configuration Port-Based Network Access Control 21 Example of Typical Host-Based Configuration Host-Based Network Access Control 802.1X Global Settings 802.1X Port SettingsPDU ServerTimeout SuppTimeoutReAuthentication QuietPeriod 802.1X User Authentication Radius Server Reauthenticate Ports Initialize PortsConfirm Key Limitations Using the Guest Vlan Guest Vlan Configuration Guest Vlan SSL Settings Ciphersuite Download Certificate EDE CBC SHA CBC SHA SSH Settings SSH Authmode and Algorithm Settings HMAC-SHA1 SSH User Authentication ListsHMAC-MD5 HMAC-RSA Host Name Access Authentication ControlPage Application Authentication Settings Authentication Policy Settings 37 Authentication Server Group Settings window Authentication Server Group 38 Authentication Server Group Settings Edit window Authentication Server Login Method Lists Enable Method Lists ParameterDescription Method List NamePriority 1, 2, 3 41 Enable Method List window Local Enable Password Settings 42 Local Enable Password window Radius Accounting Settings MAC-based Access Control Settings MAC-based Access Control Method Parameter Description Settings MBA Global StateGuest Vlan Name Guest Vlan ID Hold Time MAC-based Access Control Local Settings Web Authentication Web-based Access Control Settings Conditions and LimitationsParameterDescription State Logout Timer Web-based Access Control User Settings1440 Authentication Redirection NetBIOS Filtering NetBIOS Filtering SettingsConfirmation ACL Configuration Wizard Access IDParameterDescription Type Access Profile List OptionApply To Add Access Profile Ethernet Source MAC Mask Parameter Description Ethernet ACLDestination MAC Mask Select ACL Type Ethernet Type Access Profile List Ethernet Vlan Mask Parameter Description Access IDReplace Priority Replace Dscp Time Range PrecedenceRx Rate Counter Source IP Mask DscpDestination IP Mask Icmp Type 11 Access Profile List IPv4 12 Access Profile Details IPv4 Time Range Name Icmp IPv6 Flow Label Parameter Description IPv6 ClassIPv6 TCP IPv6 UDP 17 Access Profile List IPv6 Flow Label Class 20 Access Rule List IPv6 Parameter Description Chunk 22 Add Packet Content ACL Profile 23 Access Profile List Packet Content 25 Access Profile Packet Content CPU Interface Filtering 26 Access Rule List Packet Content 28 CPU Access Profile List window CPU Access Profile List Source MAC Mask Destination MACMask 802.1Q Vlan IPv4 Dscp Parameter Description Select Profile ID 209 33 Add CPU ACL Profile window for IPv6 Parameter Description Select Profile Select ACLOffset 37 CPU Access Rule List window for Ethernet 39 CPU Access Rule Detail Information window for Ethernet 40 CPU Access Rule List window for IP 42 CPU Access Rule Detail Information window for IP 45 CPU Access Rule Detail Information window for IPv6 ACL Flow Meter ACL Finder 50 ACL Flow Meter window Mode Device Status Cable Diagnostic Parameter Description Time Interval CPU UtilizationRecord Number Show/Hide Packet Size Port Utilization Packet Size window Memory Utilization PacketsReceived RX Received RX window for Bytes and Packets UMBcast RX Transmitted TX 12 Transmitted TX window for Bytes and Packets Bytes 14 Received RX window for errors Errors Symbol CRCErrorUnderSize OverSize ExDefer 16 Transmitted TX window for errors Radius Authentication Port Access Control Radius Account Client Requests ServerAddressRetransmissions Responses Parameter Description MAC Address Authenticator StateAuth PAE State Backend State 22 Authenticator Statistics window for MAC-based Authenticator Statistics Authenticator Session Statistics Authenticator Diagnostics Connect Enter Auth TimeoutConnect LogOff Auth Enter Browse ARP Table 27 Browse ARP Table window Browse Vlan Show Vlan Ports Browse Igmp Router PortIgmp Snooping Group Browse Igmp Snooping Counter Igmp Snooping Forwarding Table MLD Snooping Group Browse MLD Router Port 35 MLD Snooping Group window MLD Snooping Forwarding Table Browse Session Table Browse MLD Snooping CounterCFM Packet Counter List Browse CFM Fault MEP CFM Packet Counter CCM ListBrowse CFM Port MP List MAC Address Table Browse Vlan Counter StatisticsFunctions used in the MAC address table are described below Browse Ethernet OAM Statistics Browse Ethernet OAM Event Log 46 Browse Ethernet OAM Statistics window Historical Counter & Utilization Packet/ErrorBrowse Historical Counter Minutes/1 Day Browse Historical Utilization System Log Parameter Description Log Type Date-TimeLog Text Save Configuration ID 1 window Save Configuration ID Save All Save Log Configuration File Backup & Restore ResetUpload Log File Download Firmware Reboot System ARP FCS ARP Forwarding Table Ethernet frame format Port2 00-20-5C-01-22-22 Destination address Source address Ether-type How ARP spoofing attacks a network Ethernet Gratuitous ARP Example topology Prevent ARP spoofing via packet content ACL Offset Chunk Ethernet 266 Category Event Description Log Information Severity System Log Entries SSL AAA Page Page Page IP-MAC DOS DDM DGS-3700 Series Trap List Proprietary Trap ListTrap Name/OID Variable Bind Format MIB Name Severity Equipment Glossary Page Command Parameters Password Recovery Procedure Command Parameters