DES-1228/ME Metro Ethernet Managed Switch CLI Reference Guide
217
config access_profile
syn | fin } (1) ] } | udp {src_port <value 0-65535> | dst_port <value 0-65535> } | protocol_id
<value 0-255> } (1) ] } | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6
<ipv6addr> {mask <ipv6mask>} | [ tcp {src_port < value 0-65535> {mask <hex 0x0-0xffff> } |
dst_port < value 0-65535>{ mask <hex 0x0-0xffff>}} udp {src_port <value 0-65535> {mask
<hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} (1) ]}] [port
[<portlist>|all]] [permit {priority<value 0-7> {replace_priority} | replace_dscp_with <value0-63>|
counter [enable | disable] } | deny | mirror ] | delete access_id <value 1-65535>]
Description
This command is used to configure an access profile on the Switch and to enter specific values
that will be combined, using a logical AND operational method, with masks entered with the
create access_profile command, above.
Parameters
profile_id <value 1-256>
−
Enter an integer used to identify the access profile that will be
configured with this command. This value is assigned to the access profile when it is
created with the create access_profile command. The profile ID sets the relative priority
for the profile and specifies an index number that will identify the access profile being
created with this command. Priority is set relative to other profiles where the lowest
profile ID has the highest priority. The user may enter a profile ID number between 1
and 256.
add access_id <value 1-65535>
−
Adds an additional rule to the above specified access profile.
The value is used to index the rule created. For information on number of rules that can be
created for a given port, please see the introduction to this chapter.
auto_assign – Choose this parameter to configure the Switch to automatically assign a
numerical value (between 1 and 65535) for the rule being configured.
ethernet
−
Specifies that the Switch will look only into the layer 2 part of each packet.
vlan <vlan_name 32>
−
Specifies that the access profile will only apply to the VLAN with this
name.
vlan_id <vid>
−
Specifies that the access profile will only apply to packets belonging to the
VLAN with this ID.
source_mac <macaddr>
−
Specifies that the access profile will apply to only packets with
this source MAC address.
destination_mac <macaddr>
−
Specifies that the access profile will apply to only packets
with this destination MAC address.
802.1p <value 0-7>
−
Specifies that the access profile will apply only to packets with this
802.1p priority value.
ethernet_type <hex 0x0-0xffff>
−
Specifies that the access profile will apply only to packets
with this hexadecimal 802.1Q Ethernet type value in the packet header.
Parameters
ip
−
Specifies that the Switch will look into the IP fields in each packet.
vlan <vlan_name 32>
−
Specifies that the access profile will only apply to the VLAN with this
name.
vlan_id <vid>
−
Specifies that the access profile will only apply to packets belonging to the
VLAN with this VLAN ID.
source_ip <ipaddr>
−
Specifies that the access profile will apply to only packets with this
source IP address.
destination_ip <ipaddr>
−
Specifies that the access profile will apply to only packets with this
destination IP address.
dscp <value 0-63>
−
Specifies that the access profile will apply only to packets that have
this value in their Type-of-Service (DiffServ code point, DSCP) field in their IP packet
header.
icmp
−
Specifies that the Switch will examine the Internet Control Message Protocol (ICMP)
field within each packet.
type
−
Specifies that the Switch will examine each frame’s ICMP Type field.
code
−
Specifies that the Switch will examine each frame’s ICMP Code field.
igmp
−
Specifies that the Switch will examine the Internet Group Management Protocol
(IGMP) field within each packet.
type – Specifies that the Switch will examine each frame’s IGMP Type field.