xStack DGS-3612G Layer 3 Gigabit Ethernet Managed Switch CLI Manual
create access_profile (for Ethernet)
Description
This command will allow the user to create a profile for packets that may be accepted or
denied by the Switch by examining the Ethernet part of the packet header. Specific values for
rules pertaining to the Ethernet part of the packet header may be defined by configuring the
config access_profile
command for Ethernet, as stated below.
Parameters
profile_id <value 1-14>
- Specifies an index number between 1 and 14 that will identify the
access profile being created with this command.
ethernet
- Specifies that the Switch will examine the layer 2 part of each packet header with
emphasis on one or more of the following:
Restrictions Only
administrator-level users can issue this command.
•
vlan
−
Specifies that the Switch will examine the VLAN part of each packet header.
•
source_mac <macmask>
−
Specifies a MAC address mask for the source MAC
address. This mask is entered in the following hexadecimal format: 000000000000-
FFFFFFFFFFFF
•
destination_mac <macmask>
−
Specifies a MAC address mask for the destination MAC
address in the following format: 000000000000-FFFFFFFFFFFF
•
802.1p
−
Specifies that the Switch will examine the 802.1p priority value in the frame’s
header.
•
ethernet_type
−
Specifies that the Switch will examine the Ethernet type value in each
frame’s header.
Example usage:
To create an Ethernet access profile:
DGS-3612G:4# create access_profile profile_id 1 ethernet vlan 802.1p
Command: create access_profile profile_id 1 ethernet vlan 802.1p
Success.
DGS-3612G:4#
config access_profile (for Ethernet)
Purpose
Used to configure the Ethernet access profile on the Switch and to define specific values
for the rules that will be used to by the Switch to determine if a given packet should be
forwarded or filtered. Masks entered using the
create access_profile
command will be
combined, using a logical AND operational method, with the values the Switch finds in the
specified frame header fields.
Syntax
profile_id <value 1-14> [add access_id [auto_assign | <value 1-128> [ethernet {vlan
<vlan_name 32> | source_mac <macaddr 000000000000-ffffffffffff> | destination_mac
<macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> | ethernet_type <hex 0x0-
0xffff>} | [permit | deny] | port [<portlist> | all] [permit {priority <value 0-7>
{replace_priority} | rx_rate [no_limit | <value 1-156249>]} | deny] {time_range
<range_name 32>} | delete access_id <value 1-128>]
Description
This command is used to define the rules used by the Switch to either filter or forward
packets based on the Ethernet part of each packet header.
Parameters
profile_id <value 1-14>
- Enter an integer between 1 and 14 that is used to identify the
access profile that will be configured with this command. This value is assigned to the
access profile when it is created with the
create access_profile
command. The lower the
profile ID, the higher the priority the rule will be given.
add access_id <value 1-128>
- Adds an additional rule to the above specified access
profile. The value specifies the relative priority of the additional rule. Up to 128 different
rules may be configured for the Ethernet access profile.
•
auto_assign
– Choose this parameter to configure the Switch to automatically assign
i l
l
(b t
1
d 128) f
th
l b i
fi
d
179