DGS-3212SR Layer 3 Gigabit Switch
25
A
CCESS
C
ONTROL
L
IST
(ACL) C
OMMANDS
The DGS-3212SR implements Access Control Lists that enable the switch to deny network access to specific devices or device
groups based on IP settings or MAC address. The ACL commands in the Command Line Interface (CLI) are listed (along with
the appropriate parameters) in the following table.
Command Parameters
create access_profile
[ ethernet{ vlan | source_mac <macmask> | destination_mac
<macmask> | 802.1p | ethernet_type}| ip { vlan |
source_ip_mask <netmask> | destination_ip_mask <netmask> |
dscp | [ icmp {type | code } | igmp {type } | tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>|
flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
0xffff>} | protocol_id {user_mask <hex 0x0-
0xffffffff>} ]}|packet_content_mask{offset_0-15 <hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> |
offset_16-31 <hex0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> | offset_48-63
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff> | offset_64-79 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff>}]{port[<portlist>|all]}[profile_id
<value 1-255>]
delete access_profile
profile_id
<value 1-255>
config access_profile
profile_id
<value 1-255>[ add access_id <value 1-255>[ ethernet { vlan
<vlan_name 32> | source_mac <macaddr> | destination_mac
<macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-
0xffff> }[ permit { priority <value 0-7> { replace_priority}} | deny ]|
ip{ vlan <vlan_name 32> | source_ip <ipaddr> |
destination_ip <ipaddr> | dscp <value 0-63> |[ icmp {type
<value 0-255> code <value 0-255>} | igmp {type <value 0-
255>} | tcp {src_port <value 0-65535> | dst_port <value 0-
65535> | flag_mask [all | {urg | ack | psh | rst| syn | fin}]} | udp
{src_port <value 0-65535> | dst_port <value 0-65535>}|
protocol_id <value 0 - 255> {user_define <hex 0x0-
0xffffffff>}]}[ permit{priority <value 0-7> { replace_priority} |
replace_dscp <value 0-63> } | deny ]|packet_content{offset_0-15
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff> | offset_16-31 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> |
offset_48-63 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff> |offset_64-79 <hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff>}[ permit{ priority <value 0-7> } | deny ] ]| delete
access_id <value 1-255> ]
show access_profile
{profile_id <value 1-255>}
Access profiles allow you to establish criteria to determine whether or not the switch will forward packets based on the
information contained in each packet’s header. These criteria can be specified on a VLAN-by-VLAN basis.
207
Содержание DGS-3212SR
Страница 2: ......
Страница 4: ......
Страница 12: ......
Страница 24: ...DGS 3212SR Layer 3 Gigabit Switch Enter Displays the next line or table entry 12 ...
Страница 113: ...DGS 3212SR Layer 3 Gigabit Switch To view the IP forwarding database table 101 ...
Страница 260: ...DGS 3212SR Layer 3 Gigabit Switch 248 ...
Страница 263: ...DGS 3212SR Layer 3 Gigabit Switch 251 ...
