xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
254
config access_profile (for Ethernet)
{time_range <range_name 32>}
– Choose this parameter and enter the name of the Time
Range settings that has been previously configured using the
config time_range
command. This will set specific times when this access rule will be enabled or disabled on
the Switch.
delete access_id <value 1-128>
−
Use this command to delete a specific rule from the
Ethernet profile. Up to 128 rules may be specified for the Ethernet access profile.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure a rule for the Ethernet access profile:
DGS-3627:5#config access profile profile_id 1 add access_id 1 ethernet vlan
Tiberius 802.1p 1 port 1 permit priority 1 replace priority
Command: config access profile profile_id 1 add access_id 1 ethernet vlan Tiberius
802.1p 1 port 1 permit priority 1 replace priority
Success.
DGS-3627:5#
create access_profile (IP)
Purpose
Used to create an access profile on the Switch by examining the IP part of the packet
header. Masks entered can be combined with the values the Switch finds in the specified
frame header fields. Specific values for the rules are entered using the
config
access_profile
command, below.
Syntax
create access_profile profile_id <value 1-14> ip {vlan | source_ip_mask <netmask> |
destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all |
{urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>| protocol_id_mask <hex 0x0-0xff>
{user_define_mask <hex 0x0-0xffffffff}]}
Description
This command will allow the user to create a profile for packets that may be accepted or
denied by the Switch by examining the IP part of the packet header. Specific values for
rules pertaining to the IP part of the packet header may be defined by configuring the
config access_profile
command for IP, as stated below.
Parameters
ip
−
Specifies that the Switch will look into the IP fields in each packet with special
emphasis on one or more of the following:
•
profile_id <value 1-14>
−
Specifies an index number between
1
and
14
that will
identify the access profile being created with this command.
•
vlan
−
Specifies that the Switch will examine the VLAN part of each packet header.
•
source_ip_mask <netmask>
−
Specifies an IP address mask for the source IP
address.
•
destination_ip_mask <netmask>
−
Specifies an IP address mask for the destination
IP address.
•
dscp
−
Specifies that the Switch will examine the DiffServ Code Point (DSCP) field in
each frame’s header.
•
icmp
−
Specifies that the Switch will examine the Internet Control Message Protocol
(ICMP) field in each frame’s header.
•
type
−
Specifies that the Switch will examine each frame’s ICMP Type
field.
•
code
−
Specifies that the Switch will examine each frame’s ICMP Code
field.
•
igmp
−
Specifies that the Switch will examine each frame’s Internet Group