D-Link DES-3200 Switch User Manual


 
xStack® DES-3200 Series Layer 2 Ethernet Managed Switch CLI Reference Guide
217
config cpu access_profile
src_port <value 0-65535> Specifies that the access profile will apply only to packets that
have this UDP source port in their header.
dst_port <value 0-65535> Specifies that the access profile will apply only to packets that
have this UDP destination port in their header.
protocol_id <value 0-255> Specifies that the Switch will examine the protocol field in
each packet, and if this field contains the value entered here, apply the following rules:
user_define_mask <hex 0x0-0xffffffff> Specifies that the rule applies to the IP protocol ID
and the mask options behind the IP header.
ipv6 – Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering
based on the rules configured in the config access_profile command for IPv6. IPv6
packets may be identified by the following:
class <value 0-255>– Entering this parameter will instruct the Switch to examine the class
field of the IPv6 header that is similar to the Type of Service (ToS) or Precedence bits field
in Ipv4.
flowlabel <hex 0x0-fffff> – Entering this parameter will instruct the Switch to examine the
flow label field of the IPv6 header. This flow label field is used by a source to label
sequences of packets such as non-default quality of service or real-time service packets.
source_ipv6_mask <ipv6mask> Specifies an IP address mask for the source IPv6
address.
destination_ipv6_mask <ipv6mask> Specifies an IP address mask for the destination
IPv6 address.
packet_content_mask – Specifies that the Switch will mask the packet header beginning
with the offset value specified as follows:
offset_0-76 - Enter a value in hex form to mask the packet from byte 0 to byte 76.
<portlist> Specifies a port or range of ports to be configured.
permit | deny – Specify that the packet matching the criteria configured with command will
either be permitted entry to the cpu or denied entry to the CPU.
time_range <range_name 32> – Choose this parameter and enter the name of the Time
Range settings that has been previously configured using the config time_range
command. This will set specific times when this access rule will be enabled or disabled on
the Switch.
delete access_id <value 1-5> Use this to remove a previously created access rule in a
profile ID.
Restrictions
Only Administrator-level users can issue this command.
Example usage:
To configure CPU access list entry:
DES-3200-
28:4#config cpu access_profile profile_id 3 add access_id 1 ip vlan default
source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp type 11 code 32 port all deny
Command: config cpu access_profile profile_id 3 add access_id 1 ip vlan default source_ip
20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp type 11 code 32 port all deny
Success.
DES-3200-28:4#
delete cpu access_profile
Purpose
Used to delete a previously created CPU access profile.
Syntax
delete cpu access_profile profile_id <value 1-3>
Description
This command is used to delete a previously created CPU access profile.
Parameters
profile_id <value 1-3> Enter an integer between 1 and 3 that is used to
identify the CPU access profile to be deleted with this command. This value