xStack® DES-3200 Series Layer 2 Ethernet Managed Switch CLI Reference Guide
209
To create an access list rule:
DES-3200-28:4#create access_profile ip vlan source_ip_mask 20.0.0.0
destination_ip_mask 10.0.0.0 dscp icmp profile_id 101
Command: create access_profile ip vlan source_ip_mask 20.0.0.0
destination_ip_mask 10.0.0.0 dscp icmp permit profile_id 101
Success.
DES-3200-28:4#
delete access_profile
Purpose
Used to delete a previously created access profile.
Syntax
delete access_profile [profile_id <value 1-512> | all ]
Description
This command is used to delete a previously created access profile
on the Switch.
Parameters
profile_id <value 1-512> − Enter an integer between 1 and 512 that
is used to identify the access profile that will be deleted with this
command. This value is assigned to the access profile when it is
created with the create access_profile command. The user may
enter a profile ID number between 1 and 512.
all − Specifies all access list profiles will be deleted.
Restrictions
Only Administrator-level users can issue this command.
Example usage:
To delete the access profile with a profile ID of 1:
DES-3200-28:4# delete access_profile profile_id 1
Command: delete access_profile profile_id 1
Success.
DES-3200-28:4#
config access_profile
Purpose
Used to configure an access profile on the Switch and to define specific values that will be
used to by the Switch to determine if a given packet should be forwarded or filtered. Masks
entered using the create access_profile command will be combined, using a logical AND
operational method, with the values the Switch finds in the specified frame header fields.
Specific values for the rules are entered using the config access_profile command, below.
Syntax
config access_profile [profile_id <value 1-512>] [add access_id [auto_assign | <value 1-
65535>] [ethernet {[vlan <vlan_name 32> | vlan_id <vid> ] {mask <hex 0x0-0x0fff>} |
source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask
<macmask>} | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>} (1) | ip {[vlan <vlan_name
32> | vlan_id <vid>] {mask <hex 0x0-0x0fff>} | source_ip <ipaddr> {mask <netmask> } |
destination_ip <ipaddr> {mask <netmask>} | dscp <value 0-63> | [ icmp {type <value 0-255>
code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535> {mask <hex
0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>} | flag [all | { urg | ack | psh | rst |
syn | fin } (1) ] } | udp {src_port <value 0-65535> | dst_port <value 0-65535> } | protocol_id
<value 0-255> } (1) ] } | packet_content {destination_mac <macaddr>{mask<macmask>} |
source_mac <macaddr> {mask <macmask>} | c_tag <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} |
s_tag <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset1 <hex 0x0-0xffff> {mask <hex 0x0-
0xffff>} | offset2 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset3 <hex 0x0-0xffff> {mask <hex
0x0-0xffff>} | offset4 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset5 <hex 0x0-0xffff> {mask
<hex 0x0-0xffff>} | offset6 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset7 <hex 0x0-0xffff>
{mask <hex 0x0-0xffff>} | offset8 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset9 <hex 0x0-