Configure Access Control Lists, ACL Wizard | NETGEAR GS728TPP

GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches

Configure Access Control Lists

Access control lists (ACLs) ensure that only authorized users have access to specific resources while blocking any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. The switch software supports IPv4 and MAC ACLs.

To configure an ACL, first create an IPv4-based or MAC-based ACL ID. Then, create a rule and assign it to a unique ACL ID. Next, define the rules, which can identify protocols, source, and destination IP and MAC addresses, and other packet-matching criteria. Finally, use the ID number to assign the ACL to a port or to a LAG.

The ACL menu provides access to features described in the following sections:

•ACL Wizard

•MAC ACL

•MAC Rules

•MAC Binding Configuration

•MAC Binding Table

•IP ACL

•IP Rules

•IP Extended Rules

•IPv6 ACL

•IPv6 Rules

•IP Binding Configuration

•IP Binding Table

ACL Wizard

ACL Wizard helps you to create a simple ACL and apply it to the selected ports easily and quickly. First, you can select an ACL type. Then, you can add an ACL rule to this ACL, and the rule can be applied to this ACL on the selected ports. The ACL Wizard enables you to create the ACL, but does not allow you to modify it. For more information about how to modify the ACL, see the instructions on the ACL configuration screen.

187

Image 187

NETGEAR GS728TPP, GS752TP manual Configure Access Control Lists, ACL Wizard

Contents

GS752TP, GS728TP, GS728TPP Gigabit Smart Switches Revision History GS752TP, GS728TP, and GS728TPP Gigabit Smart SwitchesSupport Trademarks Contents Configuring Switching Information Configure Quality of Service Monitoring the System Appendix a Hardware Specifications and Default Values Getting Started Getting Started with the Netgear Switch Switch Management Interface Connect the Switch to the Network Discover a Switch in a Network with a Dhcp Server GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches  To assign a static IP address Switch Discovery in a Network Without a Dhcp Server Password Configure the Network Settings on the Administrative System  To configure a static address on the switch Understand the User Interface Access the Management Interface from the Web To log on to the web interface Navigation Tabs, Configuration Menus, and Screen Menu Link Submenu Links Configuration and Status OptionsCommand Buttons Device View Power/Status LED Following image shows the device view of the Netgear switch Use Snmp Help Screen AccessUser-Defined Fields GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Interface Naming Convention Naming Convention for Switch Interfaces Configuring System Information System Information Management To define system information System status information IP Configuration GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches VLANs IPv6 Network Configuration  To configure the global settings for an IPv6 Interface  To view the IPv6 Network Interface Neighbors IPv6 Network Neighbors Time Time Configuration  To configure the time through Sntp Sntp Global Status fields Sntp Server Configuration  To change the settings for an existing Sntp server  To configure a new Sntp server To remove an Sntp server  To configure the global DNS settings DNS Configuration  To add a static entry to the local DNS table Host Configuration Dynamic Host Configuration table fields Green Ethernet Configuration  To configure the Green Ethernet Configuration features Green Ethernet Interface Configuration Green Ethernet Detail  To configure the Green Ethernet Detail feature Green Ethernet Summary PoE PoE Configuration Field Descriptions PoE Configuration To configure PoE trap settings System PoE Advanced PoE Configuration  To assign a timer to the port PoE Port Configuration Timer Global Configuration  To create a timer Timer Schedule  To configure timer settings Snmp Community Configuration  To add a new Snmp community  To modify information about an existing Snmp recipient Trap Configuration To configure Snmp trap settings  To add a host that receives Snmp traps Trap Flags  To configure the trap flags Snmp Supported MIBs Snmp v3 User Configuration  To configure SNMPv3 settings for the user account Lldp  To configure global Lldp settings Lldp ConfigurationSystem Lldp Advanced Lldp Configuration  To configure Lldp port settings Lldp Port Settings  To view LLPD-MED information LLDP-MED Network PolicyNetwork Policy Number. The policy number  To configure LLDP-MED settings for a port LLDP-MED Port Settings  To display the Lldp Local Device Information screen Local Information Field Description Managed Address Detailed local information MED Details  To display the Lldp Neighbors Information screen Neighbors InformationLldp neighbors information Field Description Port Details Port Details Managed Addresses Lldp Unknown TLVs Dhcp Snooping Global Configuration Services-DHCP Snooping Dhcp Snooping Interface Configuration GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches  To configure Dhcp binding settings Dhcp Snooping Binding Configuration  To configure Dhcp snooping persistent settings Dhcp Snooping Persistent Configuration Configuring Switching Information  To configure global configuration settings Global ConfigurationPorts  To configure port settings Port Configuration GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches Link Aggregation Groups LAG Configuration  To configure LAG settings  To create a LAG LAG Membership  To configure Lacp Lacp Configuration  To configure Lacp port priority settings Lacp Port Configuration VLANs Vlan Configuration  To configure VLANs  To configure Vlan membership Vlan Membership Configuration Port Vlan ID Configuration  To configure Pvid information Voice Vlan Properties Voice Vlan GS752TP, GS728TP, and GS728TPP Gigabit Smart Switches 00036B. CISCO1 Voice Vlan Port Setting To configure Voice Vlan port settings Voice Vlan OUI 00E0BB COM 00040D. AVAYA1 001B4F. AVAYA2  To configure OUI settingsCISCO2 000FE2. H3C 00D01E. Pintel  To enable Auto-VoIP Auto-VoIP Configuration Spanning Tree Protocol  To configure STP settings on the switch STP Configuration STP Status information  To configure CST settings CST Configuration Mstp Status Information  To configure CST port settings CST Port Configuration CST Port Status Rapid STP Rstp Status Information MST Configuration  To modify an MST instance MST Instance Information  To configure MST port settings MST Port Configuration Value for Port Path Cost is MST port configuration information Mfdb Table Multicast  To view the Mfdb Table screen Mfdb Statistics Auto-Video Configuration Igmp Snooping  To configure Auto-Video  To configure Igmp Snooping Igmp Snooping Configuration Igmp Snooping Status Igmp Snooping Table  To configure Igmp snooping settings for VLANs Igmp Snooping Vlan ConfigurationIgmp Snooping Table Igmp Snooping Querier  To configure Igmp Snooping Querier settings Igmp Snooping Querier Configuration  To configure Querier Vlan settings Igmp Snooping Querier Vlan Configuration 114 Igmp Snooping Querier Vlan Status MLD Snooping MLD Snooping Configuration  To configure MLD snooping  To configure the MLD Vlan MLD Vlan Configuration  To configure the Multicast Router Vlan Multicast Router Vlan Configuration Static Multicast Address Multicast Group Configuration Multicast Group Membership Multicast Forward All  To configure the Multicast Forward All feature Address Table Forwarding Database MAC Address Table Fields  To search for an entry in the MAC Address Table  To configure the Dynamic Address setting Dynamic Address Configuration Configuring Routing  To access the IP Configuration screen Configure IP Settings Vlan Routing Wizard Configure Vlan Routing  To configure Vlan settings  To configure Vlan routing settings Configure Vlan Routing  To configure routes Configure and View Routes Subnet Mask Learned Routes Table Fields Configure ARP ARP Cache  To add a static entry to the ARP table ARP Entry Configuration  To configure the global ARP settings Global ARP Configuration  To remove entries from the ARP table ARP Entry Management Configure Quality of Service Basic CoS Configuration Class of Service  To configure global CoS settings  To configure CoS settings for an interface CoS Interface Configuration  To configure CoS queue settings Queue Configuration  To map 802.1p priorities to queues 802.1p to Queue Mapping  To map Dscp values to queues Dscp to Queue Mapping Defining DiffServ Differentiated Services Dscp Violate Action Mapping Diffserv Configuration  To configure the Dscp violate action mapping  To add a new class Class Configuration  To configure a class Service Type IPv6 Class Configuration  To configure an IPv6 class  To configure the class match criteria  To configure a DiffServ policy Policy Configuration  To configure the policy attributes 154 Service Statistics Service Configuration To configure DiffServ policy settings on an interface 156 Managing Device Security Change Password Management Security Settings To change the login password for the management interface Global Configuration Configure Radius Settings To reset the password for the management interface  To configure global Radius server settings Radius Server Configuration  To configure the Radius accounting server Accounting Server Configuration TACACS+ Configuration Configure TACACS+ To configure global TACACS+ settings TACACS+ Server Configuration Authentication List Configuration Http Authentication List Https Authentication List 168 Http Configuration Configure Management Access  To configure Https settings Secure Http Configuration  To manage certificates Certificate Management  To generate a certificate request Access ControlClick Generate Request  To set up a security access profile Access Profile Configuration  To add a security access rule Access Rule Configuration To configure a security access rule 802.1x Configuration Port Authentication Configuration  To configure global 802.1x settings Port Authentication 178 179 Port Summary Fields Port Summary 181 Storm Control Traffic Control  To configure storm control settings  To configure port security settings Port Security Interface Configuration  To convert learned MAC addresses Security MAC Address Protected Ports  To configure protected ports ACL Wizard Configure Access Control Lists  To create an ACL ACL Based on Fields ACL fields according to selected ACL type MAC ACL MAC Rules  To configure a MAC ACL  To configure MAC ACL rules MAC Binding Configuration  To configure MAC ACL interface bindings MAC Binding Table fields MAC Binding Table IP ACL  To configure an IP ACL IP Rules IP Extended Rules 199 200  To add an IPv6 ACL IPv6 ACL  To add an IPv6 rule IPv6 Rules 203 IP Binding Configuration 205 IP Binding table fields IP Binding Table Monitoring the System  To display switch statistics Switch Statistics 209 Port Statistics Port Detailed Statistics 212 213 214  To display a EAP Statistic EAP Statistics Cable Test Cable Status  To display cable information Buffered Logs Logs  To configure the Buffered Logs settings  To add a remote log server Server Log 221  To view Snmp traps Trap Logs Mirroring  To configure port mirroring 224  To view Tcam utilization System Resources Utilization Maintenance Device Reboot Reset To reboot the switch  To reset the switch to the factory default settings Factory Default Tftp File Upload Upload a File from the SwitchUpload File Types  To upload a file from the switch to the Tftp server Http File Upload Tftp File Download Download a File to the SwitchDownload File Types  To download a file to the switch from a Tftp server Http File Download  To download a file to the switch from by using Http File Management Dual Image Configuration Dual Image Status  To configure Dual Image settings 237  To configure the settings and ping a host on the network TroubleshootingPing Ping IPv6 Traceroute 241  To configure the remote diagnostics feature Remote Diagnostics Help Support Online Help To connect to online support User Guide  To access the user guide Registration  To register the switch Hardware Specifications and Default Values 249 Feature Sets Supported Default Switch Features and Defaults 251 252 Configuration Examples Virtual Local Area Networks VLANs Sample Vlan Configuration Sample MAC ACL Configuration Access Control Lists ACLsMatch Every. False CoS Destination MAC Mask Ffff Sample Standard IP ACL ConfigurationVlan ID Rule ID Rule ID Action. Deny Match Every. False Source IP AddressMatch Every. True Class Differentiated Services DiffServ Create Policies DiffServ Traffic ClassesTraffic Conditioning Policy Class Name. Class1 Class Type. All Sample DiffServ Configuration Assign Queue Policy Attribute. Simple Policy Protocol Type. UDP Source IP AddressDestination IP Address Destination Mask Policy Selector. Policy1 Member Class. Class1 802.1x Sample 802.1x Configuration Secret Configured. Yes Mstp Sample Mstp Configuration Switch 1 Switch 2 Switch 3 MST ID Priority Vlan ID MST ID Vlan Routing Overview Configure Vlan Routing with Static RouteSample Vlan Routing Configuration  To configure a switch to perform inter-VLAN routing 271 FCC Requirements for Operation in the United States Netgear Wired ProductsRegulatory Compliance Information Europe EU Declaration of Conformity FCC Radio Frequency Interference Warnings & Instructions FCC Declaration Of Conformity Index 275 276 277