D-Link DES-3200 Switch User Manual


 
xStack® DES-3200 Series Layer 2 Ethernet Managed Switch CLI Reference Guide
207
users can assign an access_id that identifies the rule within the list of rules. The access_id is an index number only and does not
effect priority within the profile_id. This access_id may be used later if users want to remove the individual rule from the profile.
The ip parameter instructs the Switch that this new rule will be applied to the IP addresses contained within each frame’s header.
source_ip tells the Switch that this rule will apply to the source IP addresses in each frame’s header. The IP address 10.42.73.1
will be combined with the source_ip_mask 255.255.255.0 to give the IP address 10.42.73.0 for any source IP address between
10.42.73.0 to 10.42.73.255. Finally the restricted port - port number 7 - is specified.
Each command is listed, in detail, in the following sections:
create access_profile
Purpose
Used to create an access profile on the Switch and to define which parts of each incoming
frame’s header the Switch will examine. Masks can be entered that will be combined with the
values the Switch finds in the specified frame header fields. Specific values for the rules are
entered using the config access_profile command, below.
Syntax
create access_profile [ethernet {vlan {<hex 0x0-0x0fff>} | source_mac <macmask> |
destination_mac <macmask> | 802.1p | ethernet_type} (1) | ip { vlan {<hex 0x0-0x0fff>} |
source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [ icmp { type | code } |
igmp {type} | tcp { src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> |
flag_mask [ all | { urg | ack | psh | rst | syn | fin } (1) ] } | udp { src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask<0x0-0xff> ] } (1) | packet_content_mask
{destination_mac <macmask> | source_mac <macmask> | c_tag <hex 0x0-0xffff> | s_tag
<hex 0x0-0xffff> | offset1 [l2 | l3 | l4] <value 0-31> <hex 0x0-0xffff> | offset2 [l2 | l3 | l4] <value
0-31> <hex 0x0-0xffff> | offset3 [l2 | l3 | l4] <value 0-31> <hex 0x0-0xffff> | offset4 [l2 | l3 | l4]
<value 0-31> <hex 0x0-0xffff> | offset5 [l2 | l3 | l4] <value 0-31> <hex 0x0-0xffff> | offset6 [l2 |
l3 | l4] <value 0-31> <hex 0x0-0xffff> | offset7 [l2 | l3 | l4] <value 0-31> <hex 0x0-0xffff> |
offset8 [l2 | l3 | l4] <value 0-31> <hex 0x0-0xffff> | offset9 [l2 | l3 | l4] <value 0-31> <hex 0x0-
0xffff> | offset10 [l2 | l3 | l4] <value 0-31> <hex 0x0-0xffff> | offset11 [l2 | l3 | l4] <value 0-31>
<hex 0x0-0xffff> } (1) ] | ipv6 {class | flowlabel | source_ipv6_mask< ipv6mask ::-
::FFF:FFFF:FFFF> [ tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} |
udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> } ] } ] profile_id <value
1-512>
Description
This command is used to create an access profile on the Switch and to define which parts of
each incoming frame’s header the Switch will examine. Masks can be entered that will be
combined with the values the Switch finds in the specified frame header fields. Specific values
for the rules are entered using the config access_profile command, below.
Parameters
ethernet Specifies that the Switch will examine the layer 2 part of each packet header.
vlan Specifies a VLAN mask. Only the last 12 bits of the mask will be considered.
source_mac <macmask> Specifies a MAC address mask for the source MAC address.
This mask is entered in a hexadecimal format.
destination_mac <macmask> Specifies a MAC address mask for the destination MAC
address.
802.1p Specifies that the Switch will examine the 802.1p priority value in the frame’s
header.
ethernet_type Specifies that the Switch will examine the Ethernet type value in each
frame’s header.
ip Specifies that the Switch will examine the IP fields in each frame’s header.
vlan Specifies a VLAN mask. Only the last 12 bits of the mask will be considered.
source_ip_mask <netmask> Specifies an IP address mask for the source IP address.
destination_ip_mask <netmask> Specifies an IP address mask for the destination IP
address.
dscp Specifies that the Switch will examine the DiffServ Code Point (DSCP) field in each
frame’s header.
icmp Specifies that the Switch will examine the Internet Control Message Protocol
(ICMP) field in each frame’s header.
type Specifies that the Switch will examine each frame’s ICMP Type field.
code Specifies that the Switch will examine each frame’s ICMP Code field.
igmp
Specifies that the Switch will examine each frame’s Internet Group Management