DGS-3312SR Layer 3 Gigabit Switch
create access_profile
• flag_mask [ all | {urg | ack | psh | rst | syn | fin}] - Enter the appropriate flag_mask parameter. All incoming packets have TCP port numbers contained in them as the forwarding criterion. These numbers have flag bits associated with them which are parts of a packet that determine what to do with the packet. The user may deny packets by denying certain flag bits within the packets. The user may choose between all, urg (urgent), ack (acknowledgement), psh (push), rst (reset), syn (synchronize) and fin (finish).
• udp - Specifies that the switch will examine each frame’s User Datagram Protocol (UDP) field.
• src_port_mask <hex 0x0-0xffff> - Specifies a UDP port mask for the source port.
• dst_port_mask <hex 0x0-0xffff> - Specifies a UDP port mask for the destination port.
• protocol_id - Specifies that the switch will examine each frame’s Protocol ID field.
• user_define_mask <hex 0x0-0xffffffff> - Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header.
• packet_content_mask - Specifies that the switch will mask the packet header beginning with the offset value specified as follows:
  • offset_0-15 - Enter a value in hex form to mask the packet from the beginning of the packet to the 16th byte.
  • offset_16-31 - Enter a value in hex form to mask the packet from byte 16 to byte 31.
  • offset_32-47 - Enter a value in hex form to mask the packet from byte 32 to byte 47.
  • offset_48-63 - Enter a value in hex form to mask the packet from byte 48 to byte 63.
  • offset_64-79 - Enter a value in hex form to mask the packet from byte 64 to byte 79.
port <portlist> - Specifies a port or range of ports to be configured. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon. Then the highest switch number, and the highest port number of the range (also separated by a colon) are specified. The beginning and end of the port list range are separated by a dash. For example, 1:3 specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3-2:4 specifies all of the ports between switch 1, port 3 and switch 2, port 4, in numerical order.
all - denotes all ports on the switch.
profile_id <value 1-255> - Specifies an index number that will identify the access profile being created with this command.
Restrictions: Only administrator-level users can issue this command.
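The following is an added example, not taken from the manual or from D-Link code, showing how the five packet_content_mask windows line up with header fields, here selecting the TCP flag bits syn and fin on an untagged Ethernet/IPv4 frame. It assumes offsets are counted from the first byte of the Ethernet frame and that a frame matches when its masked bits equal the rule's masked value; pack_windows, matches and sample_frame are hypothetical helper names.

```python
# Added illustration, not D-Link code. Assumed semantics: a frame matches when
# (frame_byte & mask_byte) == (value_byte & mask_byte) for every masked byte.
WINDOWS = ["offset_0-15", "offset_16-31", "offset_32-47", "offset_48-63", "offset_64-79"]
TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}

def pack_windows(by_offset):
    """Spread {absolute_byte_offset: byte} over the five 16-byte windows."""
    out = {name: bytearray(16) for name in WINDOWS}
    for offset, byte in by_offset.items():
        if not 0 <= offset < 80:
            raise ValueError("only bytes 0-79 of the packet can be masked")
        out[WINDOWS[offset // 16]][offset % 16] = byte
    return {name: bytes(window) for name, window in out.items()}

def matches(frame, masks, values):
    """Compare the masked bits of the first 80 bytes against the rule values."""
    for w, name in enumerate(WINDOWS):
        for i, (mask, value) in enumerate(zip(masks[name], values[name])):
            if mask == 0:
                continue                      # byte not examined
            pos = w * 16 + i
            if pos >= len(frame):             # masked byte missing: no match
                return False
            if (frame[pos] & mask) != (value & mask):
                return False
    return True

def sample_frame(flags):
    """Constructed untagged Ethernet + IPv4 (no options) + TCP header, 54 bytes."""
    eth = bytes(12) + b"\x08\x00"                             # EtherType IPv4
    ip = bytes([0x45]) + bytes(8) + bytes([6]) + bytes(10)    # IHL 5, protocol TCP
    tcp = bytes(13) + bytes([flags]) + bytes(6)               # flags in TCP byte 13
    return eth + ip + tcp

SYN_FIN = TCP_FLAGS["syn"] | TCP_FLAGS["fin"]
# Bytes 12-13: EtherType, byte 23: IP protocol, byte 47: TCP flags (14 + 20 + 13).
MASKS = pack_windows({12: 0xFF, 13: 0xFF, 23: 0xFF, 47: SYN_FIN})
VALUES = pack_windows({12: 0x08, 13: 0x00, 23: 0x06, 47: SYN_FIN})

if __name__ == "__main__":
    for name in WINDOWS:
        print(name, MASKS[name].hex())
    print("SYN+FIN matches:", matches(sample_frame(SYN_FIN), MASKS, VALUES))
    print("SYN only matches:", matches(sample_frame(TCP_FLAGS["syn"]), MASKS, VALUES))
```

An 802.1Q tag or IP options move these fields to later bytes, so a content mask laid out for untagged, option-free traffic will not line up on such frames.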
Example usage:
To create an access profile that will deny service to the subnet ranging from 10.42.73.0 to 10.42.73.255: