xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
151
create access_profile (IP)
type
−
Specifies that the Switch will examine each frame’s IGMP
Type field.
•
tcp
−
Specifies that the Switch will examine each frames Transport Control
Protocol (TCP) field.
src_port_mask <hex 0x0-0xffff>
−
Specifies a TCP port mask for
the source port.
dst_port_mask <hex 0x0-0xffff>
−
Specifies a TCP port mask for
the destination port.
flag_mask [all | {urg | ack | psh | rst | syn | fin}] – Enter the
appropriate flag_mask parameter. All incoming packets have
TCP port numbers contained in them as the forwarding
criterion. These numbers have flag bits associated with them
which are parts of a packet that determine what to do with the
packet. The user may deny packets by denying certain flag
bits within the packets. The user may choose between all, urg
(urgent), ack (acknowledgement), psh (push), rst (reset), syn
(synchronize) and fin (finish).
•
udp
−
Specifies that the Switch will examine each frame’s User Datagram
Protocol (UDP) field.
src_port_mask <hex 0x0-0xffff>
−
Specifies a UDP port mask for
the source port.
dst_port_mask <hex 0x0-0xffff>
−
Specifies a UDP port mask for
the destination port.
•
protocol_Id_mask
−
Specifies that the Switch will examine each frame’s
Protocol ID field.
user_define_mask <hex 0x0-0xfffffff>
−
Enter a hexidecimal value
that will identify the protocol to be discovered in the packet
header.
profile_id <value 1-255>
- Specifies an index number between 1 and 255 that will
identify the access profile being created with this command.
Restrictions
Only Administrator or Operator-level users can issue this command.
Example usage:
To configure a rule for the IP access profile:
DES-3800:admin#create access_profile ip protocol_id
profile_id 2
Command: create access_profile ip protocol_id profile_id 2
Success.
DES-3800:admin#
config access_profile profile_id (IP)
Purpose
Used to configure the IP access profile on the Switch and to define specific values
for the rules that will be used to by the Switch to determine if a given packet should
be forwarded, filtered or mirrored. Masks entered using the
create access_profile
command will be combined, using a logical AND operational method, with the values
the Switch finds in the specified frame header fields.
Syntax
config access_profile profile_id <value 1-255> [add access_id [auto_assign |
<value 1-65535>] ip {vlan <vlan_name 32> | source_ip <ipaddr> | destination_ip
<ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> code <value 0-255>} |
igmp {type <value 0-255>} | tcp {src_port <value 0-65535> | dst_port <value 0-
65535> | urg | ack | psh | rst | syn | fin} | udp {src_port <value 0-65535> |
dst_port <value 0-65535>} | protocol_id <value 0 - 255> {user_define <hex 0x0-