xStack DES-6500 Modular Layer 3 Chassis Ethernet Switch CLI Manual
create access_profile (IP)
mask for the destination port.
•
protocol_id
−
Specifies that the Switch will examine each
frame’s Protocol ID field.
•
user_define <hex 0x0-0xfffffff>
−
Enter a hexidecimal value
that will identify the protocol to be discovered in the packet
header.
Restrictions Only
administrator-level users can issue this command.
Example usage:
To configure a rule for the Ethernet access profile:
DES-6500:4#create access_profile ip protocol_id profile_id 2
Command: create access_profile ip protocol_id profile_id 2
Success.
DES-6500:4#
config access_profile profile_id (IP)
Purpose
Used to configure the IP access profile on the Switch and to define
specific values for the rules that will be used to by the Switch to
determine if a given packet should be forwarded or filtered. Masks
entered using the
create access_profile
command will be
combined, using a logical AND operational method, with the values
the Switch finds in the specified frame header fields.
Syntax
config access_profile profile_id <value 1-8> [add access_id
<value 1-65535> ip {vlan <vlan_name 32> | source_ip <ipaddr> |
destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value
0-255> code <value 0-255>} | igmp {type <value 0-255>} | tcp
{src_port <value 0-65535> | dst_port <value 0-65535> | urg | ack
| psh | rst | syn | fin} | udp {src_port <value 0-65535> | dst_port
<value 0-65535>} | protocol_id <value 0 - 255> {user_define
<hex 0x0-0xffffffff>}]} port <port> [permit {priority <value 0-7>
{replace_priority} | replace_dscp <value 0-63>} | deny] delete
<value 1-65535>]
Description
This command is used to define the rules used by the Switch to
either filter or forward packets based on the IP part of each packet
header.
Parameters
profile_id <value 1-8>
- Enter an integer between 1 and 8 that is
used to identify the access profile that will be configured with this
command. This value is assigned to the access profile when it is
created with the
create access_profile
command. The lower the
profile ID, the higher the priority the rule will be given.
add access_id <value 1-65535>
- Adds an additional rule to the
above specified access profile. The value specifies the relative
priority of the additional rule. Up to 65535 different rules may be
configured for the IP access profile.
ip
−
Specifies that the Switch will look into the IP fields in each
217