xStack DGS/DXS-3300 Series Layer 3 Stackable Gigabit Ethernet Switch CLI Manual
create access_profile (IP)
• flag_mask [all | {urg | ack | psh | rst | syn | fin}] – Enter the appropriate flag_mask parameter. All incoming packets have TCP port numbers contained in them as the forwarding criterion. These numbers have flag bits associated with them which are parts of a packet that determine what to do with the packet. The user may deny packets by denying certain flag bits within the packets. The user may choose between all, urg (urgent), ack (acknowledgement), psh (push), rst (reset), syn (synchronize) and fin (finish).
• udp − Specifies that the Switch will examine each frame’s User Datagram Protocol (UDP) field.
• src_port_mask <hex 0x0-0xffff> − Specifies a UDP port mask for the source port.
• dst_port_mask <hex 0x0-0xffff> − Specifies a UDP port mask for the destination port.
• protocol_id − Specifies that the Switch will examine each frame’s Protocol ID field.
• user_define <hex 0x0-0xfffffff> − Enter a hexadecimal value that will identify the protocol to be discovered in the packet header.
profile_id <value 1-8> - Specifies an index number between 1 and 8 that will identify the access profile being created with this command.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure a rule for the Ethernet access profile:
DGS-3324SRi:4#create access_profile ip protocol_id profile_id 2
Command: create access_profile ip protocol_id profile_id 2
Success.
DGS-3324SRi:4#
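How a profile mask decides which header bits take part in a match, as an added example that is not taken from the manual or from D-Link firmware. It assumes the mask is ANDed with the header field and the result is compared with the rule value under the same mask; the profile, rule and packets are constructed sample values.

```python
# Added illustration: models mask-and-compare matching; not D-Link firmware code.
TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}  # bit positions per RFC 793


def flag_mask(names):
    """Turn flag_mask keywords (or 'all') into a bit mask."""
    if "all" in names:
        names = TCP_FLAGS
    mask = 0
    for name in names:
        mask |= TCP_FLAGS[name]
    return mask


def field_matches(header_value, mask, rule_value):
    """AND the mask with the header field, then compare with the masked rule value.
    The comparison step is an assumption of this model."""
    return (header_value & mask) == (rule_value & mask)


def rule_matches(profile, rule, packet):
    """A packet matches only if every field the profile masks agrees with the rule."""
    return all(field_matches(packet[f], m, rule[f]) for f, m in profile.items())


# Constructed profile: examine SYN and ACK plus the full destination port.
PROFILE = {"flags": flag_mask(["syn", "ack"]), "dst_port": 0xFFFF}
# Constructed rule: SYN set, ACK clear, destination port 23.
RULE = {"flags": TCP_FLAGS["syn"], "dst_port": 23}

# Constructed sample packets (TCP flag byte and destination port only).
PACKETS = {
    "syn to 23": {"flags": 0x02, "dst_port": 23},
    "syn+ack to 23": {"flags": 0x12, "dst_port": 23},
    "syn+psh to 23": {"flags": 0x0A, "dst_port": 23},  # psh is outside the mask
    "syn to 22": {"flags": 0x02, "dst_port": 22},
}


def evaluate(profile=PROFILE, rule=RULE, packets=PACKETS):
    """Return {packet name: True if the rule matches}."""
    return {name: rule_matches(profile, rule, p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:14} {'match' if hit else 'no match'}")
```

Bits left out of the mask are ignored, so a port mask such as 0xfff0 makes one rule cover a block of 16 adjacent ports.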
config access_profile profile_id (IP)
Purpose
Used to configure the IP access profile on the Switch and to define specific values for the rules that will be used by the Switch to determine if a given packet should be forwarded or filtered. Masks entered using the create access_profile command will be combined, using a logical AND operational method, with the values the Switch finds in the specified frame header fields.
Syntax
config access_profile profile_id <value 1-8> [add access_id [auto_assign | <value 1-65535>] ip {vlan <vlan_name 32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | urg | ack | psh | rst | syn | fin} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0 - 255> {user_define <hex 0x0-0xffffffff>}]} port <port> [permit {priority <value 0-7> {replace_priority} | replace_dscp <value 0-63>} | deny | mirror] delete <value 1-65535>]