xStack Gigabit Layer 3 Switch Command Line Interface Manual
25
ACCESS CONTROL LIST (ACL) COMMANDS
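The xStack family of switches implements Access Control Lists (ACLs) that enable the Switch to deny network access to specific devices
or device groups based on IP settings, MAC address, packet content and IPv6 settings. An access profile, created with create access_profile, uses masks to define which packet fields are examined; rules are then added to that profile with config access_profile, each giving the values to match, the port the rule applies to, and a permit or deny action.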
Command Parameters
create access_profile
[ethernet {vlan | source_mac <macmask 000000000000-ffffffffffff>
| destination_mac <macmask 000000000000-ffffffffffff> | 802.1p |
ethernet_type} | ip {vlan | source_ip_mask <netmask> |
destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp
{type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex
0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>}
| protocol_id {user_mask <hex 0x0-0xffffffff> }]} |
packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} | ipv6 {class | flowlabel |
source_ipv6_mask <ipv6mask> | destination_ipv6_mask
<ipv6mask>}] profile_id <value 1-8>
delete access_profile
profile_id
<value 1-8>
config access_profile
profile_id
<value 1-8> [add access_id <value 1-100> [ethernet {vlan
<vlan_name 32> | source_mac <macaddr 000000000000-
ffffffffffff> | destination_mac <macaddr 000000000000-ffffffffffff> |
802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>} port <port>
[permit {priority <value 0-7> {replace_priority} | replace_dscp
<value 0-63> } | deny] | ip {vlan <vlan_name 32> | source_ip
<ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp
{type <value 0-255> code <value 0-255>} | igmp {type <value 0-
255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535>
| urg | ack | psh | rst | syn | fin} | udp {src_port <value 0-65535> |
dst_port <value 0-65535>} | protocol_id <value 0 - 255>
{user_define <hex 0x0-0xffffffff> }]} port <port> [permit {priority
<value 0-7> {replace_priority} | replace_dscp <value 0-63> } |
deny] | packet_content {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} port <port> [permit { priority
<value 0-7> {replace_priority} | replace_dscp <value 0-63> } |
deny] | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> |
source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr>} port
<port> [permit {priority <value 0-7> {replace_priority} } | deny] |
delete <value 1-100>]
show access_profile
{profile_id <value 1-8>}
218