xStack Gigabit Layer 3 Switch Command Line Interface Manual
config access_profile profile_id (for Ethernet)
the Switch.
replace_dscp <value 0-63>
−
Allows you to specify a value to be
written to the DSCP field of an incoming packet that meets the
criteria specified in the first part of the command. This value will
over-write the value in the DSCP field of the packet.
deny
– Specifies that packets that do not match the access profile
are not permitted to be forwarded by the Switch and will be filtered.
delete access_id <value 1-100>
−
Use this command to delete a
specific rule from the Ethernet profile. Up to 100 rules may be
specified for the Ethernet access profile.
Restrictions Only
administrator-level users can issue this command.
Example usage:
To configure a rule for the Ethernet access profile:
DGS-3324SRi:4#
DGS-3324SRi:4#config access profile profile_id 1 add access_id 1
ethernet vlan Trinity 802.1p 1 port 1:1 permit priority 1 replace priority
Command: config access profile profile_id 1 add access_id 1 ethernet
vlan Trinity 802.1p 1 port 1:1 permit priority 1 replace priority
Success.
create access_profile (IP)
Purpose
Used to create an access profile on the Switch by examining the IP
part of the packet header. Masks entered can be combined with the
values the Switch finds in the specified frame header fields. Specific
values for the rules are entered using the
config access_profile
command, below.
Syntax
create access_profile ip {vlan | source_ip_mask <netmask> |
destination_ip_mask <netmask> | dscp | [icmp {type | code} |
igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh
| rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-xffff>} | protocol_id {user _mask <hex
0x0-0xffffffff>}]} profile_id <value 1-8>}
Description
This command will allow the user to create a profile for packets that
may be accepted or denied by the Switch by examining the IP part of
the packet header. Specific values for rules pertaining to the IP part
of the packet header may be defined by configuring the
config
access_profile
command for IP, as stated below.
Parameters
ip
- Specifies that the Switch will look into the IP fields in each packet
with special emphasis on one or more of the following:
•
vlan
−
Specifies a VLAN mask.
•
source_ip_mask <netmask>
−
Specifies an IP address mask
for the source IP address.
223