xStack
®
DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch CLI Manual
66
Command
Parameters
create cpu access_profile
profile_id
<value 1-5> [ethernet {vlan | source_mac <macmask 000000000000-ffffffffffff> |
destination_mac <macmask 000000000000-ffffffffffff> | ethernet_type} | ip {vlan |
source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code}
| igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> |
flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask
<hex 0x0-0xffffffff>}]} | packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} | ipv6 {[{class |
flowlabel} | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask>]}]
config cpu access_profile
profile_id
<value 1-5> [ add access_id <value 1-100>[ ethernet { [vlan <vlan_name32> | vlan_id
<vlanid 1-4094>] | source_mac <macaddr 000000000000-ffffffffffff> | destination_mac
<macaddr 000000000000-ffffffffffff> | ethernet_type <hex 0x0-0xffff> }| ip{ [vlan
<vlan_name 32> | vlan_id <vlanid 1-4094>] | source_ip <ipaddr> | destination_ip
<ipaddr> | dscp <value 0-63> |[ icmp {type <value 0-255> | code <value 0-255>} |
igmp {type <value 0-255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> |
urg | ack | psh | rst | syn | fin } | udp {src_port <value 0-65535> | dst_port <value 0-
65535>} | protocol_id <value 0 - 255> {user_define <hex 0x0-0xffffffff>}]}|
packet_content {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> }| ipv6 {[ { class <value 0-255> |
flowlabel <hex 0x0-0xfffff>} | source_ipv6 <ipv6addr> | destination_ipv6
<ipv6addr>]}]port [<portlist> | all ][ permit | deny] {time_range <range_name 32>}| delete
access_id <value 1-100> ]
delete cpu access_profile
[profile_id <value 1-5> |all ]
show cpu access_profile
{profile_id <value 1-5>}
enable
cpu_interface_filtering
disable
cpu_interface_filtering
Each command is listed, in detail, in the following sections.
create access_profile
Purpose
Used to create access list rules.
Syntax
create access_profile [ethernet {vlan | source_mac <macmask 000000000000-
ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p |
ethernet_type} | ip {vlan | source_ip_mask <netmask> | destination_ip_mask
<netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-
0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [ all | {urg | ack | psh | rst | syn |
fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} |
protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]}|
packet_content_mask { offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> |
offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex
0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}| ipv6 {class | flowlabel
| source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [ tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>}]}] profile_id <value
1-6>