Support User Manuals

D-Link DES-3800 Series Switch User Manual

Open as PDF

of 407

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch

207

• value (48-63) – Enter a value in hex form to mask the packet from byte 48 to byte 63.

• value (64-79) – Enter a value in hex form to mask the packet from byte 64 to byte 79.

With this advanced unique Packet Content Mask (also known as Packet Content Access Control

List - ACL),

D-Link xStack switch family can effectively mitigate some network attacks like the

common ARP Spoofing attack that is wide spread today. This is the reason why Packet Content

ACL is able to inspect any specified content of a packet in different protocol layers.

Click Apply to implement changes made.

NOTE: Address Resolution Protocol (ARP) is the standard for finding a

host's hardware address (MAC Address). However, ARP is vulnerable as

it can be easily spoofed and utilized to attack a LAN. For a more detailed

explanation on how ARP works and how to employ D-Link’s advanced

unique Packet Content ACL to prevent ARP spoofing attack, please see

Appendix F, at the end of this manual.

The page shown below is the IPv6 Access Profile configuration window.

Figure 10- 5. Access Profile Configuration (IPv6)

This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The

following fields are used to configure the IPv6:

Parameter Description

Profile ID (1-255)

Type in a unique identifier number for this profile set. This value can be set from 1 to 255. Yet

only 9 access profiles can be created on the Switch.

Type

Select profile based on Ethernet (MAC Address), IP Address, Packet Content or IPv6 address.

This will change the menu according to the requirements for the type of profile.

• Select Ethernet to instruct the Switch to examine the layer 2 part of each packet

header.

• Select IP to instruct the Switch to examine the IP address in each frame's header.

• Select Packet Content Mask to specify a mask to hide the content of the packet

header.

• Select IPv6 to instruct the Switch to examine the IPv6 address in each frame's

header.

Class

Checking this field will instruct the Switch to examine the class field of the IPv6 header. This

class field is a part of the packet header that is similar to the Type of Service (ToS) or

Precedence bits field in IPv4.

Flowlabel

Checking this field will instruct the Switch to examine the flow label field of the IPv6 header.

This flow label field is used by a source to label sequences of packets such as non-default

previous next