DGS-3000 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide
show time_range
show current_config access_profile
6-1 create access_profile
Description
This command is used to create access control list profiles.
Each ACL profile can hold 256 rules (access IDs). However, the first time a profile of type
Ethernet or IPv4 is created, 62 rules are reserved for the system, so only 194 rules are
available to configure. Use the show access_profile command to see the available rules.
Support for field selections can have additional limitations that are project dependent.
For example, for some hardware, it may be invalid to specify a destination and source IPv6
address at the same time. The user will be prompted with these limitations.
The Switch supports the following profile types:
1. MAC DA, MAC SA, Ethernet Type, Outer VLAN Tag
2. Outer VLAN Tag, Source IPv4, Destination IPv4, DSCP, Protocol ID, TCP/UDP Source
Port, TCP/UDP Destination Port, ICMP type/code, IGMP type, TCP flags
3. Source IPv6 Address, Class, Flow Label, IPv6 Protocol (Next Header)
4. Destination IPv6 Address, Class, Flow Label, IPv6 Protocol (Next Header)
5. Class, Flow Label, IPv6 Protocol (Next Header), TCP/UDP source port, TCP/UDP
destination port, ICMP type/code, Outer VLAN Tag
6. Packet Content, Outer VLAN Tag
7. MAC SA, Ethernet Type, Source IPv4/ARP sender IP, Outer VLAN Tag
8. LLC Header/SNAP Header, Outer VLAN Tag
9. Source IPv6 Address, Class, IPv6 Protocol (Next Header), Outer VLAN Tag
10. Destination IPv6 Address, Class, IPv6 Protocol (Next Header), Outer VLAN Tag
NOTE: Profile Types 7 and 8 are not user configurable. Only system applications are allowed to
create profiles of these types.
Format
create access_profile profile_id <value 1-512> {profile_name <name 32>} [ethernet {vlan
{<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac
<macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan {<hex 0x0-0x0fff>} |
source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code } |
igmp {type } | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> |
flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask
<hex 0x0-0xffffffff>}]} | packet_content_mask { offset_chunk_1 <value 0-31> <hex 0x0-
0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31>
<hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>} | ipv6 {class |
flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp { src_port_mask
<hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code }]}]
Parameters
profile_id - Specify the index of the access list profile.
<value 1-512> - Enter the profile ID here. This value must be between 1 and 512.
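The following is an added example, not part of the D-Link guide: a Python helper that builds one create access_profile line for the ip/tcp branch of the Format above and rejects values outside the documented ranges before the command reaches the switch. The function names, the sample profile name and the whitespace check on profile_name are assumptions; every keyword and range is taken from the Format section.

```python
import ipaddress

# Keywords and ranges below are copied from the Format section of this page.
TCP_FLAGS = ("urg", "ack", "psh", "rst", "syn", "fin")


def hex_mask(keyword, value, maximum):
    """Render '<keyword> 0x..' after checking the documented range."""
    if not 0 <= value <= maximum:
        raise ValueError(f"{keyword} must be within 0x0-{maximum:#x}")
    return f"{keyword} {value:#x}"


def build_ipv4_tcp_profile(profile_id, profile_name=None, source_ip_mask=None,
                           destination_ip_mask=None, src_port_mask=None,
                           dst_port_mask=None, flags=()):
    """Hypothetical helper: build one 'create access_profile ... ip ... tcp' line."""
    if not 1 <= profile_id <= 512:
        raise ValueError("profile_id must be between 1 and 512")
    parts = [f"create access_profile profile_id {profile_id}"]
    if profile_name is not None:
        # Assumption: the name is a single token, so whitespace is rejected.
        if not 1 <= len(profile_name) <= 32 or any(c.isspace() for c in profile_name):
            raise ValueError("profile_name must be 1-32 characters without spaces")
        parts.append(f"profile_name {profile_name}")
    parts.append("ip")
    for keyword, mask in (("source_ip_mask", source_ip_mask),
                          ("destination_ip_mask", destination_ip_mask)):
        if mask is not None:
            ipaddress.IPv4Address(mask)  # raises ValueError on a malformed mask
            parts.append(f"{keyword} {mask}")
    parts.append("tcp")
    if src_port_mask is not None:
        parts.append(hex_mask("src_port_mask", src_port_mask, 0xFFFF))
    if dst_port_mask is not None:
        parts.append(hex_mask("dst_port_mask", dst_port_mask, 0xFFFF))
    unknown = set(flags) - set(TCP_FLAGS)
    if unknown:
        raise ValueError(f"unknown TCP flag(s): {sorted(unknown)}")
    if set(flags) == set(TCP_FLAGS):
        parts.append("flag_mask all")
    elif flags:
        parts.append("flag_mask " + " ".join(f for f in TCP_FLAGS if f in flags))
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample: match on a /24 source, the full destination port, SYN and ACK.
    print(build_ipv4_tcp_profile(10, "web_in", source_ip_mask="255.255.255.0",
                                 dst_port_mask=0xFFFF, flags=("syn", "ack")))
```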