xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
148
create access_profile (for Ethernet)
Purpose
Used to create an access profile on the Switch by examining the Ethernet part of
the packet header. Masks entered can be combined with the values the Switch
finds in the specified frame header fields. Specific values for the rules are entered
using the
config access_profile
command, below.
Syntax
create access_profile [ethernet {vlan | source_mac <macmask> |
destination_mac <macmask> | 802.1p | ethernet_type} profile_id <value 1-
255>]
Description
This command will allow the user to create a profile for packets that may be
accepted, denied or mirrored by the Switch by examining the Ethernet part of the
packet header. Specific values for rules pertaining to the Ethernet part of the
packet header may be defined by configuring the
config access_profile
command for Ethernet, as stated below.
Parameters
ethernet
- Specifies that the Switch will examine the layer 2 part of each packet
header with emphasis on one or more of the following:
•
vlan
−
Specifies that the Switch will examine the VLAN part of each packet
header.
•
source_mac <macmask>
−
Specifies a MAC address mask for the source
MAC address. This mask is entered in the following hexadecimal format:
000000000000-FFFFFFFFFFFF
•
destination_mac <macmask>
−
Specifies a MAC address mask for the
destination MAC address in the following format: 000000000000-
FFFFFFFFFFFF
•
802.1p
−
Specifies that the Switch will examine the 802.1p priority value in
the frame’s header.
•
ethernet_type
−
Specifies that the Switch will examine the Ethernet type
value in each frame’s header.
profile_id <value 1-255>
- Specifies an index number between 1 and 255 that will
identify the access profile being created with this command.
Restrictions
Only Administrator or Operator-level users can issue this command.
Example usage:
To create a Ethernet access profile:
DES-3800:admin#create access_profile ethernet vlan 802.1p profile_id 1
Command: create access_profile ethernet vlan 802.1p profile_id 1
Success.
DES-3800:admin#
config access_profile profile_id (for Ethernet)
Purpose
Used to configure the Ethernet access profile on the Switch and to define specific
values for the rules that will be used to by the Switch to determine if a given packet
should be forwarded, filtered or mirrored. Masks entered using the
create
access_profile
command will be combined, using a logical AND operational
method, with the values the Switch finds in the specified frame header fields.
Syntax
config access_profile profile_id <value 1-255> [add access_id [auto_assign |
<value 1-65535> [ethernet {vlan <vlan_name 32> | source_mac <macaddr> |
destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-
0xffff>} port <port> [permit {priority <value 0-7> {replace_priority} |
replace_dscp <value 0-63> } | deny | mirror] delete <value 1-65535>]