xStack® DES-3528/DES-3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide
265
create access_profile
Purpose
Used to create an access profile on the Switch and to define which parts of each incoming
frame’s header the Switch will examine. Masks can be entered that will be combined with the
values the Switch finds in the specified frame header fields. Specific values for the rules are
entered using the
create access_profile
command below.
Syntax
create access_profile profile_id <value 1-14> profile_name <name 1-32> [ethernet
{vlan {<hex 0x0-0x0fff>} | source_mac <macmask> | destination_mac <macmask> |
802.1p | ethernet_type} | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> |
destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all |
{urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff>
{user_define_mask <hex 0x0-0xffffffff>}]} | packet_content_mask {offset_chunk_1
<value 0-31> <hex 0x0-0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> |
offset_chunk_3 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex
0x0-0xffffffff>} | ipv6 {[{class | flowlabel | [tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>}]} | source_ipv6_mask <ipv6mask> |
destination_ipv6_mask <ipv6mask>]}]
Description
This command is used to create an access profile on the Switch and to define which parts of
each incoming frame’s header the Switch will examine. Masks can be entered that will be
combined with the values the Switch finds in the specified frame header fields. Specific
values for the rules are entered using the
config access_profile
command, below.
Parameters
ethernet
−
Specifies that the Switch will examine the layer 2 part of each packet header.
•
vlan
−
Specifies that the Switch will examine the VLAN part of each packet header.
•
source_mac <macmask>
−
Specifies a MAC address mask for the source MAC
address. This mask is entered in a hexadecimal format.
•
destination_mac <macmask>
−
Specifies a MAC address mask for the destination
MAC address.
•
802.1p
−
Specifies that the Switch will examine the 802.1p priority value in the
frame’s header.
•
ethernet_type
−
Specifies that the Switch will examine the Ethernet type value in
each frame’s header.
ip
−
Specifies that the Switch will examine the IP address in each frame’s header.
vlan
−
Specifies a VLAN mask.
source_ip_mask <netmask>
−
Specifies an IP address mask for the source IP address.
destination_ip_mask <netmask>
−
Specifies an IP address mask for the destination IP
address.
dscp
−
Specifies that the Switch will examine the DiffServ Code Point (DSCP) field in each
frame’s header.
icmp
−
Specifies that the Switch will examine the Internet Control Message Protocol (ICMP)
field in each frame’s header.
•
type
−
Specifies that the Switch will examine each frame’s ICMP Type field.
•
code
−
Specifies that the Switch will examine each frame’s ICMP Code field.
igmp
−
Specifies that the Switch will examine each frame’s Internet Group Management
Protocol (IGMP) field.
type
−
Specifies that the Switch will examine each frame’s IGMP Type field.
tcp –
Specifies that the Switch will examine each frame’s Transmission Control Protocol
(TCP) field.
src_port_mask <hex 0x0-0xffff>
−
Specifies a TCP port mask for the source port.
dst_port_mask <hex 0x0-0xffff>
−
Specifies a TCP port mask for the destination port.
flag_mask
– Enter the appropriate flag_mask parameter. All incoming packets have TCP port
numbers contained in them as the forwarding criterion. These numbers have flag bits
associated with them which are parts of a packet that determine what to do with the packet.