xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
337
create cpu access_profile
Purpose
Used to create an access profile specifically for
CPU Interface Filtering
on the Switch and to define which
parts of each incoming frame’s header the Switch will examine. Masks can be entered that will be combined
with the values the Switch finds in the specified frame header fields. Specific values for the rules are
entered using the
config cpu access_profile
command, below.
Syntax
create cpu access_profile [ethernet {vlan | source_mac <macmask> | destination_mac <macmask> |
ethernet_type} | ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp |
[icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
0xffff>} | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id {user_mask <hex 0x0-0xffffffff>} ]} |
packet_content_mask {offset 0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff>| offset 16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | {offset 32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | {offset 48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | {offset 64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff>}] [profile_id value 1-5>]
Description
The
create cpu access_profile
command is used to create an access profile used only for CPU Interface
Filtering. Masks can be entered that will be combined with the values the Switch finds in the specified frame
header fields. Specific values for the rules are entered using the
config cpu access_profile
command,
below.
Parameters
ethernet
−
Specifies that the Switch will examine the layer 2 part of each packet header.
•
vlan
−
Specifies that the Switch will examine the VLAN part of each packet header.
•
source_mac <macmask> -
Specifies to examine the source MAC address mask.
•
destination_mac <macmask> -
Specifies to examine the destination MAC address mask.
•
ethernet_type
−
Specifies that the switch will examine the Ethernet type value in each frame’s header.
ip
−
Specifies that the switch will examine the IP address in each frame’s header.
•
vlan
−
Specifies a VLAN mask.
•
source_ip_mask <netmask>
−
Specifies an IP address mask for the source IP address.
•
destination_ip_mask <netmask>
−
Specifies an IP address mask for the destination IP address.
•
dscp
−
Specifies that the switch will examine the DiffServ Code Point (DSCP) field in each frame’s
header.
•
icmp
−
Specifies that the switch will examine the Internet Control Message Protocol (ICMP) field in
each frame’s header.
•
type
−
Specifies that the switch will examine each frame’s ICMP Type field.
•
code
−
Specifies that the switch will examine each frame’s ICMP Code field.
•
igmp
−
Specifies that the switch will examine each frame’s Internet Group Management Protocol
(IGMP) field.
•
type
−
Specifies that the switch will examine each frame’s IGMP Type field.
•
tcp
−
Specifies that the switch will examine each frames Transport Control Protocol (TCP) field.
•
src_port_mask <hex 0x0-0xffff>
−
Specifies a TCP port mask for the source port.
•
dst_port_mask <hex 0x0-0xffff>
−
Specifies a TCP port mask for the destination port.
•
flag_mask - all | {urg | ack | psh | rst | syn | fin
– Enter the appropriate flag_mask parameter. All
incoming packets have TCP port numbers contained in them as the forwarding criterion. These
numbers have flag bits associated with them which are parts of a packet that determine what to do
with the packet. The user may deny packets by denying certain flag bits within the packets. The user
may choose between
all
,
urg
(urgent),
ack
(acknowledgement),
psh
(push),
rst
(reset),
syn
(synchronize) and
fin
(finish).
•
udp
−
Specifies that the switch will examine each frame’s User Datagram Protocol (UDP) field.
•
src_port_mask <hex 0x0-0xffff>
−
Specifies a UDP port mask for the source port.