Configuring Access Control Lists, 212 | NETGEAR XS712T-100NES

XS712T Smart Switch

Configuring Access Control Lists

Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. XS712T Smart Switch software supports IPv4 and MAC ACLs.

To configure an ACL, first create an IPv4-based or MAC-based ACL ID. Then, create a rule and assign it to a unique ACL ID. Next, define the rules, which can identify protocols, source, and destination IP and MAC addresses, and other packet-matching criteria. Finally, use the ID number to assign the ACL to a port or to a LAG.

The Security > ACL configuration menu contains links described in the following sections.

•ACL Wizard

•Basic

•MAC ACL

•MAC Rules

•MAC Binding Configuration

•MAC Binding Table

•Advanced

•IP ACL

•IP Rules

•IP Extended Rules

•IPv6 ACL

•IPv6 Rules

•IP Binding Configuration

•IP Binding Table

•VLAN Binding Table

212

Image 212

NETGEAR XS712T-100NES manual Configuring Access Control Lists, 212

Contents

XS712T Smart Switch XS712T Smart Switch Technical SupportTrademarks Statement of Conditions Contents Configuring Routing Monitoring the System Appendix a Smart Control Center Utilities Getting Started with the XS712T Smart Switch Getting Started Switch Management Interface Connect the Switch to the Network Discover a Switch in a Network with a Dhcp Server  To install the switch in a network with a Dhcp server Discover a Switch in a Network without a Dhcp Server  To assign a static IP address XS712T Smart Switch Configure the Network Settings on the Administrative System Click the Local Area Connection link XS712T Smart Switch  To configure a static address on the switch Access the Management Interface from a Web Browser Click Web Browser Access  To log on to the Web interface Understand the User InterfacesUse the Web Interface Navigation Tabs, Configuration Menus, and Links Smart Switch Web Interface Command buttons Configuration and Status OptionsXS712T Smart Switch Link Submenu Links Device View Device view Help Access Disallowed characters in user-defined fields Use SNMPv3User-Defined Fields XS712T Smart Switch Interface Naming Convention Interface naming conventions User Guide Online HelpSupport Click Register  To register the switch with Netgear Select Help RegisterRegistration Configure System Information Management System Information  To define a system name, location, and contact System Information screen status fields Field Description IP Configuration XS712T Smart Switch IPv6 Network Configuration  To configure the network information for an IPv6 network IPv6 Network Neighbor IPv6 neighbor table fields XS712T Smart Switch IPv6 neighbor table fields Time Time Configuration  To manually configure the time XS712T Smart Switch Time Configuration status fields XS712T Smart Switch Time Configuration status fields Sntp Server Configuration To configure a new Sntp server Sntp server status fields  To change the settings for an existing Sntp server To remove an Sntp server XS712T Smart Switch Sntp server status fields Summer Time Configuration To configure the summer time settings  To enable the Auto-DoS feature Denial of ServiceConfigure Auto-DoS Configure Denial of Service  To configure individual DoS settings XS712T Smart Switch Click Apply Configure DNS  To configure the global DNS settings Configure and View Hostname-to-IP Address Information  To remove an entry from the static DNS table To change the hostname or IP address in an entry Dynamically learned host name mapping information Green Ethernet Interface Configuration Green Ethernet  To configure Green Ethernet mode settings for a port Green Ethernet Detail Green Ethernet local device information XS712T Smart Switch Green Ethernet local device information Green Ethernet Summary Green Ethernet power saving information Green Ethernet summary screen View and Configure Green Ethernet LPI History  To configure the LPI settingsGreen Ethernet support information Green Ethernet interface information LPI history information Configure the Snmp Community  To add an Snmp community  To modify an existing community  To delete a community Trap Configuration  To add an Snmp trap receiver To modify information about an existing Snmp recipient  To delete an Snmp trap recipient Snmp Supported Mibs  To configure the trap flagsTrap Flags Lldp Lldp Configuration  To configure global Lldp settings Lldp Port Settings  To configure Lldp port settings LLDP-MED Network Policy XS712T Smart Switch LLDP-MED network policy information LLDP-MED Port Settings To configure LLDP-MED settings for a port Local Information  To view local Lldp information Model and platform Are True enabled or False disabled Neighbors Information  To view Lldp information received from a neighbor device Field Field Description Port Details Field Description MED Details Services-DHCP Snooping Global Configuration  To configure Dhcp snooping global settings Interface Configuration  To configure Dhcp snooping interface settings XS712T Smart Switch Binding Configuration Dhcp Snooping dynamic binding information Persistent Configuration  To configure Dhcp snooping persistent settings Dhcp Snooping statistics Statistics To view and clear the Dhcp snooping statistics XS712T Smart Switch Dhcp Snooping statistics Ports Port Configuration To configure port settings XS712T Smart Switch Flow Control LAG Configuration Link Aggregation Groups  To create a LAG Select Switching LAG Basic LAG Membership LAG Membership Lacp Configuration Lacp Port Configuration VLANs  To modify the Vlan name Basic Vlan Configuration To delete a one or more VLANs Vlan Membership Configuration Port Vlan ID Configuration Vlan Status XS712T Smart Switch MAC Based Vlan Protocol Based Vlan Group Configuration  To delete a protocol based Vlan group Protocol Based Vlan Group Membership To modify protocol based Vlan information Voice Vlan Auto-VoIP Configuration Configure Protocol-Based Auto VoIP Settings XS712T Smart Switch Port Settings OUI Based Properties OUI Table  To delete one or more OUI prefixes from the table Spanning Tree Protocol STP Configuration 100 CST Configuration 101 CST Port Configuration 102 103 CST Port Status 104 Rapid STP 105 MST Configuration 106 107 MST Port Configuration To delete an MST instance 108 STP Statistics 109 110 111 MulticastBridge Multicast Forwarding Mfdb Table 112 Mfdb Statistics 113 114 Auto-VideoIgmp Snooping Igmp Snooping Configuration 115 Igmp Snooping Interface Configuration 116 Igmp Snooping Table 117 Igmp Snooping Vlan Configuration 118 119 Multicast Router Configuration To disable Igmp snooping on one or more VLANs Multicast Router Vlan Configuration 120 121 Igmp Snooping Querier ConfigurationIgmp Snooping Querier Igmp Snooping Querier Vlan Configuration 122 Igmp Snooping Querier Vlan Status 123 124 MLD SnoopingIgmp snooping querier Vlan status 125 MLD Snooping ConfigurationMLD Interface Configuration 126 MLD Vlan Configuration 127  To disable MLD snooping on a Vlan 128 Querier Configuration 129 Querier Vlan Configuration 130 131  To remove an MLD snooping querier configuration Forwarding DatabaseMAC Address Table 132 Dynamic Address Configuration 133 Address Table 134 Static MAC Address 135  To delete a static MAC address 136 Configure IP Settings 137 138 IP Statistics To display the IP statistics screen IP routing statistics 139 XS712T Smart Switch IP routing statistics 140 141 142 Configure Vlan RoutingVlan Routing Wizard 143 Vlan Routing Configuration 144 145 Configure Router DiscoveryRouter Discovery Configuration Configure and View Routes 146 147  To delete one or more static routesRouting table information Configure ARP ARP Cache To display entries in the ARP table 148 Create a Static ARP Entry ARP cache informationARP cache information for routing VLANs 149 Configure Global ARP Settings 150 151 Remove an ARP Entry From the ARP Cache All Dynamic Entries All Dynamic and Gateway EntriesSpecific Static Entry 152 Class of Service 153 Basic CoS Configuration 154 CoS Interface Configuration 155 Interface Queue Configuration 156 157 802.1p to Queue Mapping 158 Dscp to Queue Mapping 159 160 Differentiated ServicesDefining DiffServ 161 Diffserv ConfigurationDiffServ MIB table information Class Configuration  To configure the class match criteria To rename an existing class  To delete a class 163 164 IPv6 Class Configuration 165 166 Policy Configuration To delete a policy 167 168 Service Configuration 169 Service Statistics  To display the service statistics screenService statistics  To remove a policy from an interface 171 Management Security SettingsChange Password  To reset the password to the default value 172 173 Radius ConfigurationGlobal Configuration Radius Server Configuration 174 175  To delete a configured Radius serverRadius server statistics Accounting Server Configuration 176 Radius accounting server statistics 177 178 Configuring TACACS+TACACS+ Configuration TACACS+ Server Configuration 179 180 Authentication List ConfigurationHttp Authentication List Https Authentication List 181 Dot1x Authentication List 182 183 Configure Management AccessHttp Configuration Secure Http Configuration 184 Certificate Management 185 Certificate Download 186 187 188 Access ControlAccess Profile Configuration Access Rule Configuration 189 190 Port Authentication802.1X Configuration Port Authentication 191 192 193 Port authentication status information 194  To access the port Summary screen XS712T Smart Switch Port authentication status informationPort Summary 195 Ieee 802.1X port summary information 196 MAC Filter Configuration XS712T Smart Switch Ieee 802.1X port summary informationTraffic Control 197  To delete a configured MAC filter 198 MAC Filter Summary  To display the MAC filter summary screenMAC filter summary information 199 Storm Control 200 Port Security Configuration 201 202 Port Security Interface ConfigurationPort security violation information 203 204 Security MAC AddressDynamic MAC address table information 205 Private Vlan ConfigurationProtected Ports Membership 206 Private Vlan Association ConfigurationPrivate Vlan type table information 207 Private Vlan Port Mode ConfigurationPrivate Vlan association table information Private Vlan Host Interface Configuration 208 Private Vlan host interface table information 209 Private Vlan Promiscuous Interface Configuration 210 Private Vlan promiscuous interface table information 211 Configuring Access Control Lists 212 ACL Wizard 213  To remove a rule 214 215  To add a MAC ACL Select Security Basic MAC ACL To change the name of a MAC ACL 216 MAC Rules To delete a MAC ACL 217  To change the match criteria for a rule To delete a rule MAC Binding Configuration 218 219 MAC Binding TableMAC binding table information  To delete an IP ACL 220 221 IP Rules To add IP rules Select Security ACL Advanced IP Rules IP Extended Rules  To modify the match criteria for an ACL rule To delete and IP ACL rule 222 223 224 IPv6 ACL 225 IPv6 Rules  To add an IPv6 ACL Select Security ACL Advanced IPv6 ACL To delete an IPv6 ACL 226 227 228  To delete an IPv6 rule 229 IP Binding Configuration 230 231 IP Binding TableIP binding table information 232 Vlan Binding Table To delete a Vlan binding Switch Statistics 233 Switch statistics 234 XS712T Smart Switch Switch statistics 235 236 Port StatisticsPort statistics  To reset the counters for all interfaces on the switch  To reset the counters for a specific interfaceXS712T Smart Switch Port statistics 237 Port Detailed Statistics 238 Detailed interface statistics 239 XS712T Smart Switch Detailed interface statistics 240 241 242 243 244 245 EAP StatisticsEAP statistics XS712T Smart Switch EAP statistics 246 Cable Test 247 248 LogsCable information Memory Log 249 Flash Log 250 251 Server Log 252  To modify the settings for an existing host  To add a remote syslog host log server To delete an existing host 253 Trap Logs  To view trap log informationTrap log statistics Trap log information Event Logs  To view the event logsEvent log information 255 Mirroring 256  To delete a mirrored port 257 258 259 ResetDevice Reboot 260 Factory DefaultUpload Tftp File Upload 261 Http File Upload 262 263 DownloadTftp File Download 264 Http File Download 265 266 File ManagementCopy Dual Image Configuration 267 Dual Image Status 268 Network Utilities 269 270 271 Configure the Device To modify switch information Change the Switch Password  To change the switch passwordClick Change Password 272 Manage the Switch Configuration and Firmware Upload and Download the ConfigurationClick Upload Configuration 273 Click Download Configuration 274 275 Upgrade the Firmware To upgrade your firmware 276 View and Manage Tasks 277 278 279 Troubleshooting Configuration MenuPing 280 Ping IPv6 281 TraceRoute 282 283 Troubleshooting ChartTroubleshooting chart 284 Virtual Local Area Networks VLANs 285 Sample Vlan Configuration 286 Access Control Lists ACLs 287 MAC ACL Example Configuration Assign Queue Match Every. False CoSDestination MAC Mask Ffff Vlan ID Sample Standard IP ACL Configuration Rule ID Action. DenyMatch Every. False Source IP Address Rule ID Differentiated Services DiffServ 290 291 ClassDiffServ Traffic Classes 292 Create PoliciesTraffic Conditioning Policy Sample DiffServ Configuration Class Name. Class1 Class Type. AllProtocol Type. UDP Source IP Address Destination IP Address Destination Mask 294 802.1XAssign Queue Policy Attribute. Simple Policy 295 296 Sample 802.1X ConfigurationSecret Configured. Yes Mstp 297 298 299 Sample Mstp ConfigurationSwitch 1 Switch 2 Switch 3 300 MST IDMST ID Priority Vlan ID Sample Vlan Routing Configuration Vlan Routing with a Static RouteVlan Routing Overview 301 302 303 XS712T Smart Switch SpecificationsSmart Switch specifications 304 XS712T Switch Features and DefaultsSwitch features and defaults XS712T Smart Switch Switch features and defaults 305 306 Netgear Wired Products Certificate of the Manufacturer/ImporterBestätigung des Herstellers/Importeurs FCC Caution 308 Europe EU Declaration of ConformityEdoc in Languages of the European Community FCC Requirements for Operation in the United States FCC Information to UserFCC Guidelines for Human Exposure FCC Declaration Of Conformity FCC Radio Frequency Interference Warnings & Instructions 310