xStack DES-6500 Modular Layer 3 Chassis Ethernet Switch CLI Manual
create access_profile (IP)
0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id {user_mask <hex 0x0-0xffffffff>}]}
Description
This command allows the user to create a profile for packets that may be accepted or denied by the Switch by examining the IP part of the packet header. Specific values for rules pertaining to the IP part of the packet header may be defined by configuring the config access_profile command for IP, as stated below.
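How the masks in a profile and the values in a rule combine can be modelled in a few lines. The sketch below is an added illustration, not D-Link code or switch output; it assumes conventional mask-and-compare matching, and the names build_profile, rule_matches, packet, PROFILE and RULE are hypothetical.

```python
import ipaddress

# TCP flag bit positions as laid out in the TCP header.
TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def flag_bits(names):
    """Turn flag names such as ["syn", "ack"] into a bit field."""
    bits = 0
    for name in names:
        bits |= TCP_FLAGS[name]
    return bits

def build_profile(source_ip_mask, dst_port_mask, flag_mask):
    """Model of a profile: which bits of each field are examined."""
    return {"src_ip": ip_to_int(source_ip_mask),
            "dst_port": dst_port_mask,
            "flags": flag_bits(flag_mask)}

def packet(src, dport, flags):
    """Constructed packet summary holding only the modelled fields."""
    return {"src_ip": ip_to_int(src), "dst_port": dport,
            "flags": flag_bits(flags)}

def rule_matches(profile, rule, pkt):
    """Assumed semantics: every masked field must equal the masked rule value."""
    return all((pkt[f] & m) == (rule[f] & m) for f, m in profile.items())

# Constructed sample: examine the /24 of the source address, the whole
# destination port, and only the SYN and ACK flag bits.
PROFILE = build_profile("255.255.255.0", 0xFFFF, ["syn", "ack"])
# Rule values: source 10.1.1.0/24, destination port 23, SYN set, ACK clear.
RULE = packet("10.1.1.0", 23, ["syn"])

if __name__ == "__main__":
    samples = [
        packet("10.1.1.77", 23, ["syn"]),         # match
        packet("10.1.1.77", 23, ["syn", "psh"]),  # match: PSH is not examined
        packet("10.1.1.77", 23, ["syn", "ack"]),  # no match: ACK bit differs
        packet("10.1.2.77", 23, ["syn"]),         # no match: different /24
    ]
    for p in samples:
        print(p, rule_matches(PROFILE, RULE, p))
```

A mask narrower than the full field widens what a rule covers: with a destination port mask of 0xfff0, a rule value of 23 in this model matches ports 16 through 31.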
Parameters
profile_id <value 1-8> - Specifies an index number between 1 and 8 that will identify the access profile being created with this command.
ip - Specifies that the Switch will look into the IP fields in each packet with special emphasis on one or more of the following:
• vlan − Specifies a VLAN mask.
• source_ip_mask <netmask> − Specifies an IP address mask for the source IP address.
• destination_ip_mask <netmask> − Specifies an IP address mask for the destination IP address.
• dscp − Specifies that the Switch will examine the DiffServ Code Point (DSCP) field in each frame’s header.
• icmp − Specifies that the Switch will examine the Internet Control Message Protocol (ICMP) field in each frame’s header.
    • type − Specifies that the Switch will examine each frame’s ICMP Type field.
    • code − Specifies that the Switch will examine each frame’s ICMP Code field.
• igmp − Specifies that the Switch will examine each frame’s Internet Group Management Protocol (IGMP) field.
    • type − Specifies that the Switch will examine each frame’s IGMP Type field.
• tcp − Specifies that the Switch will examine each frame’s Transmission Control Protocol (TCP) field.
    • src_port_mask <hex 0x0-0xffff> − Specifies a TCP port mask for the source port.
    • dst_port_mask <hex 0x0-0xffff> − Specifies a TCP port mask for the destination port.
    • flag_mask [all | {urg | ack | psh | rst | syn | fin}] − Enter the appropriate flag_mask parameter. All incoming packets have TCP port numbers contained in them as the forwarding criterion. These numbers have flag bits associated with them which are parts of a packet that determine what to do with the packet. The user may deny packets by denying certain flag bits within the packets. The user may choose between all, urg (urgent), ack (acknowledgement), psh (push), rst (reset), syn (synchronize) and fin (finish).
• udp − Specifies that the Switch will examine each frame’s User Datagram Protocol (UDP) field.
    • src_port_mask <hex 0x0-0xffff> − Specifies a UDP port mask for the source port.
    • dst_port_mask <hex 0x0-0xffff> − Specifies a UDP port