xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
339
config cpu access_profile
Purpose
Used to configure a cpu access profile used for CPU Interface Filtering and to define
specific values that will be used to by the Switch to determine if a given packet should be
forwarded or filtered. Masks entered using the
create cpu access_profile
command will
be combined, using a logical AND operational method, with the values the Switch finds in
the specified frame header fields. Specific values for the rules are entered using the
config cpu access_profile
command, below.
Syntax
config cpu access_profile profile_id <value 1-5> [add access_id <value 1-65535>
[ethernet {vlan <vlan_name 32> | source_mac <macaddr> | destination_mac
<macaddr> | ethernet_type <hex 0x0-0xffff>} [permit | deny] | ip {vlan <vlan_name
32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type
<value 0-255> code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port
<value 0-65535> | dst_port <value 0-65535> | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0 - 255>
{user_define <hex 0x0-0xffffffff>}]} [permit | deny] | packet_content {offset_0-15
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>|
offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}[permit | deny] | delete access_id <value 1-
65535>]
Description
The
config cpu access_profile
command is used to configure a CPU access profile for
CPU Interface Filtering and to enter specific values that will be combined, using a logical
AND operational method, with masks entered with the
create cpu access_profile
command, above.
Parameters
profile_id <value 1-5>
−
Enter an integer used to identify the access profile that will be
configured with this command. This value is assigned to the access profile when it is
created with the
create cpu access_profile
command. The profile ID sets the relative
priority for the profile and specifies an index number that will identify the access profile
being created with this command. Priority is set relative to other profiles where the lowest
profile ID has the highest priority.
add access_id <value 1-65535>
−
Adds an additional rule to the above specified access
profile. The value is used to index the rule created.
ethernet
−
Specifies that the Switch will look only into the layer 2 part of each packet.
•
vlan <vlan_name 32>
−
Specifies that the access profile will apply to only to this
VLAN.
•
source_mac <macaddr>
−
Specifies that the access profile will apply to this
source MAC address.
•
destination_mac <macaddr>
−
Specifies that the access profile will apply to this
destination MAC address.
•
ethernet_type <hex 0x0-0xffff>
−
Specifies that the access profile will apply only
to packets with this hexadecimal 802.1Q Ethernet type value in the packet
header.
ip
−
Specifies that the Switch will look into the IP fields in each packet.
•
vlan <vlan_name 32>
−
Specifies that the access profile will apply to only this
VLAN.
•
source_ip <ipaddr>
−
Specifies that the access profile will apply to only packets
with this source IP address.
•
destination_ip <ipaddr>
−
Specifies that the access profile will apply to only
packets with this destination IP address.
•
dscp <value 0-63>
−
Specifies that the access profile will apply only to packets
that have this value in their Type-of-Service (DiffServ code point, DSCP) field in
their IP packet header
icmp
−
Specifies that the Switch will examine the Internet Control Message Protocol
(ICMP) field within each packet.