xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
154
create access_profile (packet content mask)
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} profile_id <value 1-255>}
Description
This command is used to identify packets by examining the Ethernet packet header,
by byte and then decide whether to filter or forward it, based on the user’s
configuration. The user will specify which bytes to examine by entering them into the
command, in hex form, and then selecting whether to forward, filter or mirror them,
using the
config access_profile
command.
Parameters
packet_content_mask
– Allows users to examine any specified content up to 80
bytes within a packet at one time and specifies that the Switch will mask the packet
header beginning with the offset value specified as follows:
•
offset_0-15
– Enter a value in hex form to mask the packet from the beginning
of the packet to the 15th byte.
•
offset_16-31
- Enter a value in hex form to mask the packet from byte 16 to
byte 31.
•
offset_32-47
- Enter a value in hex form to mask the packet from byte 32 to
byte 47.
•
offset_48-63
- Enter a value in hex form to mask the packet from byte 48 to
byte 63.
•
offset_64-79
- Enter a value in hex form to mask the packet from byte 64 to
byte 79. With this advanced unique Packet Content Mask (also known as
Packet Content Access Control List - ACL), D-Link xStack switch family can
effectively mitigate some network attacks like the common ARP Spoofing attack
widely spreading today. This is for the reason that Packet Content ACL is able
to inspect any specified content of a packet in different protocol layers.
profile_id <value 1-255>
- Specifies an index number between 1 and 255 that will
identify the access profile being created with this command.
Restrictions
Only Administrator or Operator-level users can issue this command.
Example usage:
To create an Access profile by packet content mask:
DES-3800:admin#create access_profile packet_content_mask
offset_0-15 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF
offset_16-31 0xFFFF 0xFFFF0000 0xF 0xF000000 profile_id 3
Command: create access_profile packet_content_mask offset_0-15
0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF offset_16-31
0xFFFF 0xFFFF0000 0xF 0xF000000 profile_id 3
Success.
DES-3800:admin#
config access_profile profile_id (packet content mask)
Purpose
To configure the rule for a previously created access profile command based on
the packet content mask. Packet content masks entered will specify certain bytes
of the packet header to be identified by the Switch. When the Switch recognizes a
packet with the identical byte as the one configured, it will either forward, filter or
mirror the packet, based on the users command entered here.
Syntax
config access_profile profile_id <value 1-8> [add access_id <value 1-65535>
packet_content_mask {offset_0-15 <hex0x0-0xffffffff> <hex 0x0-0xffffffff>