xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
161
Command Parameters
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>| offset 16-31 <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | {offset 32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> | {offset 48-63 <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | {offset 64-
79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> }] {port [<portlist> | all]} profile_id <value 1-5>
delete cpu
access_profile
profile_id <value 1-5>
config cpu
access_profile
profile_id
<value 1-5> [add access_id <value 1-100> [ethernet {vlan
<vlan_name 32> | source_mac <macaddr> | destination_mac
<macaddr> | ethernet_type <hex 0x0-0xffff>}[permit | deny] | ip {vlan
<vlan_name 32> | source_ip <ipaddr> | destination_ip <ipaddr> |
dscp <value 0-63> | [icmp {type <value 0-255> code <value 0-255>} |
igmp {type <value 0-255>} | tcp {src_port <value 0-65535> | dst_port
<value 0-65535> | {urg | ack | psh | rst | syn | fin}]} | udp {src_port
<value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0 -
255> {user_define <hex 0x0-0xffffffff>}]} [permit | deny] |
packet_content {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff>| offset_16-31 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff>}[permit | deny] | delete access-id <value 1-100>]
enable cpu
interface_filtering
disable
cpu_interface_filtering
show
cpu_interface_filtering
show cpu
access_profile
{profile_id <value 1-5> {access_id <value 1-65535>}}
conifg arp_storm
{state [enable | disable] | threshold <int 8-1024>}
Access profiles allow you to establish criteria to determine whether or not the Switch will forward
packets based on the information contained in each packet’s header. These criteria can be specified on a
VLAN-by-VLAN basis.
Creating an access profile is divided into two basic parts. First, an access profile must be created using the
create access_profile
command. For example, if you want to deny all traffic to the subnet 10.42.73.0 to
10.42.73.255, you must first
create
an access profile that instructs the Switch to examine all of the
relevant fields of each frame:
create access_profile ip source_ip_mask 255.255.255.0 profile_id 1
Here we have created an access profile that will examine the IP field of each frame received by the
Switch. Each source IP address the Switch finds will be combined with the
source_ip_mask
with a
logical AND operation. The
profile_id
parameter is used to give the access profile an identifying number
−
in this case,
1
. The
deny
parameter instructs the Switch to filter any frames that meet the criteria
−
in