DGS-3312SR Layer 3 Gigabit Switch
187
create access_profile ip source_ip_mask 255.255.255.0 profile_id 1
Here we have created an access profile that will examine the IP field of each frame received by the switch. Each source IP
address the switch finds will be combined with the
source_ip_mask
with a logical AND operation. The
profile_id
parameter is
used to give the access profile an identifying number
−
in this case,
1
. The
deny
parameter instructs the switch to filter any
frames that meet the criteria
−
in this case, when a logical AND operation between an IP address specified in the next step and
the
ip_source_mask
match.
The default for an access profile on the switch is to
permit
traffic flow. If you want to restrict traffic, you must use the
deny
parameter.
Now that an access profile has been created, you must add the criteria the switch will use to decide if a given frame should be
forwarded or filtered. Here, we want to filter any packets that have an IP source address between 10.42.73.0 and 10.42.73.255:
config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1 deny
Here we use the
profile_id 1
which was specified when the access profile was created. The
add
parameter instructs the switch
to add the criteria that follows to the list of rules that are associated with access profile 1. For each rule entered into the access
profile, you can assign an
access_id
that both identifies the rule and establishes a priority within the list of rules. A lower
access_id
gives the rule a higher priority.
The
ip
parameter instructs the switch that this new rule will be applied to the IP addresses contained within each frame’s header.
source_ip
tells the switch that this rule will apply to the source IP addresses in each frame’s header. Finally, the IP address
10.42.73.1
will be combined with the
source_ip_mask
255.255.255.0
to give the IP address 10.42.73.0 for any source IP
address between 10.42.73.0 to 10.42.73.255.
Each command is listed, in detail, in the following sections.
NOTE:
As a stand-alone switch or as a master switch in a switch stack,
the switch number will be referred to as 15 for all configurations, graphs
and tables.
create access_profile
Purpose
Used to create an access profile on the switch and to define which parts of
each incoming frame’s header the switch will examine. Masks can be
entered that will be combined with the values the switch finds in the
specified frame header fields. Specific values for the rules are entered
using the
config access_profile
command, below.
Syntax
[ethernet {vlan | source_mac <macmask> | destination_mac
<macmask> | 802.1p | ethernet_type} | ip {vlan | source_ip_mask
<netmask> | destination_ip_mask <netmask> | dscp | [icmp {type |
code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst
| syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask
<hex 0x0-0xffff>} | protocol_id {user_mask <hex 0x0-0xffffffff>}]} |
packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31
<hex0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff>}] {port [<portlist> | all]} [profile_id
<value 1-255>]
Description
The
create access_profile
command is used to create an access profile
on the switch and to define which parts of each incoming frame’s header
Содержание DGS-3312SR
Страница 2: ......
Страница 4: ......
Страница 57: ...DGS 3312SR Layer 3 Gigabit Switch 51 DGS 3312SR 4 disable rmon Command disable rmon Success DGS 3312SR 4...
Страница 305: ...DGS 3312SR Layer 3 Gigabit Switch 3 www dlink co uk...