1. Home
  2. D-Link
  3. D-Link DGS-1520 User Manual
  4. Page 595

D-Link DGS-1520 Dgs-1210 Smart Managed Gigabit Switches

User Manual - Page 595

For DGS-1520.

PDF File Manual, 598 pages, Read Online | Download pdf file

DGS-1520 photo
Loading ...
Loading ...
Loading ...
DGS-1520 Series Gigabit Ethernet Smart Managed Switch Web UI Reference Guide
585
Parameter Description
any
Specifies any source IP address or any destination IP address to be configured.
DST-IP-ADDR
Specifies a specific destination host IP address.
DST-IP-NET-ADDR
Specifies a group of destination IP addresses with a mask width of the form
1.2.3.4/24.
DST-IPV6-ADDR
Specifies a specific destination host IPv6 address.
DST-IPV6-NET-ADDR
Specifies a group of destination IPv6 network of the form 2000::1/64.
tcp, udp, icmp
Specifies Layer 4 protocols.
ip
Specifies that any protocol will match.
IP-PROT-VALUE
Specifies the IP protocol value. The valid value is from 0 to 255.
TCP-PORT-RANGE
(Optional) Specifies to match TCP port or port range. The form is like 22-23, 80.
UDP-PORT-RANGE
(Optional) Specifies to match UDP port or port range. The form is like 56, 67-68.
ICMP-TYPE
(Optional) Specifies the ICMP message type. The valid number for the message
type is from 0 to 255.
Example
This example shows how to deny host’s telnet service on the RADIUS server.
Nas-filter-Rule="deny in tcp from any to any 23"
Nas-filter-Rule+="permit in ip from any to any"
This example shows how to limit host to access a group of IP address on the RADIUS server.
Nas-filter-Rule="permit in ip from any to 10.10.10.1/24"
Nas-filter-Rule+="permit in ip from any to fe80::d1:1/64"
The parameters of the Vendor-Specific Attribute are:
RADIUS Tunnel Attribute Description Value Usage
Vendor-ID Defines the vendor. 171 (DLINK) Required
Vendor-Type Defines the attribute. 14 (for ACL script) Required
Attribute-Specific Field IPv6 filter rule. Used to accept
IPv6 address related inputs.
This attribute indicates either of
the following IP modes for NAS-
Filter-Rule
1=Forward IPv4 and IPv6 traffic
2=Forward IPv4-only traffic (drop
any IPv6 traffic)
If this attribute is not assigned by
RADIUS server, forward IPv4-
only traffic, any IPv6 packet will
be dropped.
Required
NOTE: If both proprietary ACL script (VSA14) and standard NAS-Filter-Rule (92) are assigned at the
same time, NAS-Filter-Rule (92) will take effect, and VSA14 will be ignored.
Loading ...
Loading ...
Loading ...