xStack® DGS-3120 Series Layer 3 Managed Gigabit Ethernet Switch Web UI Reference Guide
287
Replace ToS Precedence
(0-7)
Specify that the IP precedence of the outgoing packet is changed with the new
value. If used without an action priority, the packet is sent to the default TC.
Time Range Name
Tick the check box and enter the name of the Time Range settings that has been
previously configured in the
Time Range
Settings
window. This will set specific
times when this access rule will be implemented on the Switch.
Counter
Here the user can select the counter. By checking the counter, the administrator
can see how many times that the rule was hit.
Mirror Group ID (1-4)
Enter the mirror group. When the packets match the access rule, the packets are
copied to the mirror port in the specified mirror group.
Ports
When a range of ports is to be configured, the Auto Assign check box MUST be
ticked in the Access ID field of this window. If not, the user will be presented with
an error message and the access rule will not be configured. Ticking the All Ports
check box will denote all ports on the Switch.
VLAN Name
Specify the VLAN name to apply to the access rule.
VLAN ID
Specify the VLAN ID to apply to the access rule.
Click the
Apply
button to accept the changes made.
Click the
<<Back
button to discard the changes made and return to the previous page.
After clicking the
Show Details
button in the
Access Rule List
, the following window will appear:
Figure 7-22 Access Rule Detail Information (Packet Content ACL)
Click the
Show All Rules
button to navigate back to the Access Rule List.
CPU Access Profile List
Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This
added feature increases the running security of the Switch by enabling the user to create a list of access rules for
packets destined for the Switch’s CPU interface. Employed similarly to the Access Profile feature previously
mentioned, CPU interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for
the CPU and will either forward them or filter them, based on the user’s implementation. As an added feature for
the CPU Filtering, the Switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the
user to create various lists of rules without immediately enabling them.
NOTE:
CPU Interface Filtering is used to control traffic access to the switch directly such as protocols
transition or management access. A CPU interface filtering rule won’t impact normal L2/3 traffic
forwarding. However, an improper CPU interface filtering rule may cause the network to
become unstable.
To view CPU Access Profile List window, click
ACL > CPU Access Profile List
as shown below:
Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a
frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is
entering the criteria the Switch will use to determine what to do with the frame. The entire process is described
below.
Summary of Contents for xStack DGS-3120 Series
Page 1: ......