xStack DES-3500 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual
83
Parameter Description
Profile ID (1-255)
Type in a unique identifier number for this profile set. The number is used to set the relative
priority for the profile. Priority is set relative to other profiles where the lowest profile ID has the
highest priority. If a conflict occurs among configured access rules, the profile ID establishes
relative priority of the rules. The value can be set from
1
to
255
however there is a limit to the
total number of profiles that can be created.
Type
Select profile based on Ethernet (MAC Address), IP address or packet content mask. This will
change the menu according to the requirements for the type of profile.
•
Select
Ethernet
to instruct the Switch to examine the layer 2 part of each packet
header.
•
Select
IP
to instruct the Switch to examine the IP address in each frame's header.
•
Select
Packet Content Mask
to specify a mask to hide the content of the packet
header.
VLAN
Selecting this option instructs the Switch to examine the VLAN part of each packet header and
use this as the, or part of the criterion for forwarding.
Source IP Mask
Enter an IP address mask for the source IP address.
Destination IP Mask
Enter an IP address mask for the destination IP address.
DSCP
Selecting this option instructs the Switch to examine the DiffServ Code part of each packet
header and use this as the, or part of the criterion for forwarding.
Protocol
Selecting this option instructs the Switch to examine the protocol type value in each frame's
header. You must then specify what protocol(s) to include according to the following
guidelines:
Select
ICMP
to instruct the Switch to examine the Internet Control Message Protocol (ICMP)
field in each frame's header.
•
Select
Type
to further specify that the access profile will apply an ICMP type value,
or specify Code to further specify that the access profile will apply an ICMP code
value.
Select
IGMP
to instruct the Switch to examine the Internet Group Management Protocol
(IGMP) field in each frame's header.
•
Select
Type
to further specify that the access profile will apply an IGMP type value
Select
TCP
to use the TCP port number contained in an incoming packet as the forwarding
criterion. Selecting TCP requires that you specify a source port mask and/or a destination port
mask. The user may also identify which flag bits to deny. Flag bits are parts of a packet that
determine what to do with the packet. The user may deny packets by denying certain flag bits
within the packets, by checking the boxes corresponding to the flag bits of the TCP field. The
user may choose between urg (urgent), ack (acknowledgement), psh (push), rst (reset), syn
(synchronize), fin (finish).
•
src port mask
- Specify a TCP port mask for the source port in hex form (hex 0x0-
0xffff), which you wish to deny.
•
dest port mask
- Specify a TCP port mask for the destination port in hex form (hex
0x0-0xffff) which you wish to deny.
Select
UDP
to use the UDP port number contained in an incoming packet as the forwarding
criterion. Selecting UDP requires that you specify a source port mask and/or a destination port
mask.
•
src port mask
- Specify a TCP port mask for the source port in hex form (hex 0x0-
0xffff).
•
dest port mask
- Specify a TCP port mask for the destination port in hex form (hex
0x0-0xffff).
protocol id
- Enter a value defining the protocol ID in the packet header to mask. Specify up to
5, Layer 4 port masks for the destination port in hex form (hex 0x0-0xffffffff).
The window shown below is the
Access Profile Configuration
window for Packet Content Mask.