DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide
Page | 365
C
OMMAND
P
ARAMETERS
32>} | delete access_id <value 1-100>]
show cpu
access_profile
profile_id <value 1-5>
config flow_meter
[profile_id <value 1-12> | profile_name <name 1-32>] access_id <value 1-
128>[rate [<value 0-1000000>] {burst_size [<value 0-16384>]} rate_exceed
[drop_packet | remark_dscp <value 0-63>] |tr_tcm cir <value 0-1000000>
{cbs <value 0-16384>} pir <value 0-1000000> {pbs <value 0-16384>}
{conform [permit | replace_dscp <value 0-63>] {counter [enable |disable]}}
exceed [permit {replace_dscp <value 0-63>} | drop] {counter [enable
|disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter
[enable |disable]} |sr_tcm cir <value 0-1000000> cbs <value 0-16384> ebs
<value 0-16384> {conform [permit | replace_dscp <value 0-63>] {counter
[enable |disable]}} exceed [permit {replace_dscp <value 0-63>} | drop]
{counter [enable |disable]} violate [permit {replace_dscp <value 0-63>} |
drop] {counter [enable |disable]} |delete ]
show flow_meter
{ [profile_id < value 1-12> | profile_name <name 1-32>] { access_id < value 1-
128 >}}
config time_range
<range_name 32> [ hours start_time < time hh:mm:ss > end_time< time
hh:mm:ss > weekdays <daylist> | delete]
show time_range
show current_config
access_profile
Access profiles allow users to establish criteria to determine whether or not the Switch will forward packets
based on the information contained in each packet’s header.
Creating an access profile is divided into two basic parts. First, an access profile must be created using the
create access_profile
command. For example, if users want to deny all traffic to the subnet 10.42.73.0 to
10.42.73.255, users must first
create
an access profile that instructs the Switch to examine all of the relevant
fields of each frame.
First create an access profile that uses IP addresses as the criteria for examination:
create access_profile profile_id 1 profile_name 1 ip source_ip_mask 255.255.255.0
Here we have created an access profile that will examine the IP field of each frame received by the Switch.
Each source IP address the Switch finds will be combined with the
source_ip_mask
with a logical AND
operation. The
profile_id
parameter is used to give the access profile an identifying number
−
in this case,
1 – and it is used to assign a priority in case a conflict occurs. The
profile_id
establishes a priority within the
list of profiles. A lower
profile_id
gives the rule a higher priority. In case of a conflict in the rules entered
for different profiles, the rule with the highest priority (lowest profile_id) will take precedence.
See below for information regarding limitations on access profiles and access rules.
The
deny
parameter instructs the Switch to filter any frames that meet the criteria
−
in this case, when a
logical AND operation between an IP address specified in the next step and the
ip_source_mask
match.
The default for an access profile on the Switch is to
permit
traffic flow. If users want to restrict traffic, users
must use the
deny
parameter.
Now that an access profile has been created, users must add the criteria the Switch will use to decide if a
given frame should be forwarded or filtered. We will use the
config access_profile
command to create a
new rule that defines the criteria we want. Let’s further specify in the new rule to deny access to a range of
IP addresses through an individual port: Here, we want to filter any packets that have an IP source address
