xStack DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
create access_profile (IP)
Parameters
(TCP) field.
  • src_port_mask <hex 0x0-0xffff> − Specifies a TCP port mask for the source port.
  • dst_port_mask <hex 0x0-0xffff> − Specifies a TCP port mask for the destination port.
  • flag_mask [all | {urg | ack | psh | rst | syn | fin}] − Enter the appropriate flag_mask parameter. All incoming packets have TCP port numbers contained in them as the forwarding criterion. These numbers have flag bits associated with them which are parts of a packet that determine what to do with the packet. The user may deny packets by denying certain flag bits within the packets. The user may choose between all, urg (urgent), ack (acknowledgement), psh (push), rst (reset), syn (synchronize) and fin (finish).
• udp − Specifies that the Switch will examine each frame’s User Datagram Protocol (UDP) field.
  • src_port_mask <hex 0x0-0xffff> − Specifies a UDP port mask for the source port.
  • dst_port_mask <hex 0x0-0xffff> − Specifies a UDP port mask for the destination port.
• protocol_id_mask − Specifies that the Switch will examine each frame’s Protocol ID field.
  • <hex 0x0-0xff> − Enter a hexadecimal value that will identify the protocol to be discovered in the packet header.
  • user_define <hex 0x0-0xffffffff> − Enter a hexadecimal value that will identify the user defined protocol to be discovered in the packet header.
Restrictions
Only administrator-level and operator-level users can issue this command.
Example usage:
To configure a rule for the IP access profile:
DGS-3627:5# create access_profile profile_id 2 ip protocol_id_mask 0xFF
Command: create access_profile profile_id 2 ip protocol_id_mask 0xFF
Success.
DGS-3627:5#
config access_profile (IP)
Purpose
Used to configure the IP access profile on the Switch and to define specific values for the rules that will be used by the Switch to determine if a given packet should be forwarded or filtered. Masks entered using the create access_profile command will be combined, using a logical AND operation, with the values the Switch finds in the specified frame header fields.
Syntax
config access_profile profile_id <value 1-14> [add access_id [auto_assign | <value 1-128>
ip {source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp |
igmp | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | urg | ack | psh | rst |
syn | fin} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id
<value 0-255> {user_define <hex 0x0-0xffffffff>}]} | port [<portlist> | all] [permit {priority
<value 0-7> {replace_priority} | rx_rate {no_limit | <value 1-156249>]} | counter [enable |
disable]} | mirror | deny] {time_range <range_name 32>} | delete access_id <value 1-128>]
Description
This command is used to define the rules used by the Switch to either filter or forward packets based on the IP part of each packet header.
Parameters
profile_id <value 1-14> − Enter an integer between 1 and 14 that is used to identify the access profile that will be configured with this command. This value is assigned to the access profile when it is created with the create access_profile command. The lower the profile ID, the higher the priority the rule will be given.
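The mask AND described under Purpose and the profile ID priority described above can be modelled in a few lines. This is an added example, not code from the manual or from D-Link; it covers only the TCP destination port field. It assumes that a rule matches when the masked header value equals the masked rule value, that rules within a profile are checked in access_id order, and that unmatched packets are forwarded. The class and function names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    access_id: int      # config access_profile ... add access_id <n>
    dst_port: int       # ... ip tcp dst_port <value>
    action: str         # "permit" or "deny"

@dataclass
class Profile:
    profile_id: int     # 1-14; lower ID = higher priority
    dst_port_mask: int  # create access_profile ... tcp dst_port_mask <hex>
    rules: list = field(default_factory=list)

def field_matches(mask, rule_value, header_value):
    # Assumption: the mask is ANDed with the header field and the result is
    # compared with the rule value under the same mask.
    return (header_value & mask) == (rule_value & mask)

def evaluate(profiles, dst_port, default="permit"):
    """Return (profile_id, access_id, action) for the first matching rule."""
    for profile in sorted(profiles, key=lambda p: p.profile_id):
        # Assumption: rules inside a profile are checked in access_id order.
        for rule in sorted(profile.rules, key=lambda r: r.access_id):
            if field_matches(profile.dst_port_mask, rule.dst_port, dst_port):
                return (profile.profile_id, rule.access_id, rule.action)
    return (None, None, default)  # assumption: unmatched traffic is forwarded

def ports_covered(mask, rule_value):
    """Every destination port a rule value selects under a given mask."""
    return [p for p in range(0x10000) if field_matches(mask, rule_value, p)]

# Constructed sample configuration (not taken from the manual).
PROFILES = [
    Profile(2, 0xFFF0, [Rule(1, 23, "deny")]),    # partial mask: a port block
    Profile(1, 0xFFFF, [Rule(1, 22, "permit")]),  # exact match on port 22
]

if __name__ == "__main__":
    for port in (22, 23, 25, 80):
        print(port, evaluate(PROFILES, port))
    block = ports_covered(0xFFF0, 23)
    print("0xFFF0 with dst_port 23 covers", block[0], "to", block[-1])
```

With mask 0xFFF0 the deny written for port 23 also covers ports 16 through 31, and port 22 is still permitted only because profile 1 is evaluated first. Check the covered range before applying a partial mask.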