D-Link DGS-3100 Switch User Manual


 
DGS-3100 Series Gigabit Stackable Managed Switch CLI Manual
the Switch finds in the specified frame header fields. Specific values
for the rules are entered using the config access_profile
command, below.
Syntax
profile_id <value 1-15> ip [ icmp { type | code } | igmp { type } |
tcp { src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> |
flag_mask {+ | –} {urg | ack | psh | rst | syn | fin } } |
udp { src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> } ]
{ source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp }
Description
The create access_profile command creates a profile for packets
that may be accepted or denied by the Switch by examining the IP
part of the packet header. Specific values for rules pertaining to the
IP part of the packet header may be defined with the
config access_profile command for IP, as stated below.
Parameters
profile_id <value 1-15> – Specifies an index number between 1 and
15 that identifies the access profile being created with this
command.
ip – Specifies that the Switch examines the IP fields in each packet,
with special emphasis on one or more of the following:
    source_ip_mask <netmask> – Specifies an IP address mask
    for the source IP address.
    destination_ip_mask <netmask> – Specifies an IP address
    mask for the destination IP address.
    dscp – Specifies that the Switch examines the DiffServ
    Code Point (DSCP) field in each frame’s header.
    icmp – Specifies that the Switch examines the Protocol field
    in each frame’s IP header, and that the value must be 1
    (Internet Control Message Protocol, ICMP) for the action to
    take place.
        type – Specifies that the Switch examines each frame’s
        ICMP Type field.
        code – Specifies that the Switch examines each frame’s
        ICMP Code field.
    igmp – Specifies that the Switch examines each frame’s
    Protocol field, and that the value must be 2 (Internet Group
    Management Protocol, IGMP) for the action to take place.
        type – Specifies that the Switch examines each frame’s
        IGMP Type field.
    tcp – Specifies that the Switch examines each frame’s
    Protocol field, and that the value must be 6 (Transmission
    Control Protocol, TCP) for the action to take place.
        src_port_mask <hex 0x0-0xffff> – Specifies a TCP port
        mask for the source port.
        dst_port_mask <hex 0x0-0xffff> – Specifies a TCP port
        mask for the destination port.
        flag_mask {+ | –} {urg | ack | psh | rst | syn | fin } –
        Specifies the appropriate flag_mask parameter. All
        incoming packets have TCP flag bits associated with
        them; these bits are the parts of a packet that determine
        what to do with the packet. The user may deny packets by
        denying certain flag bits within the packets. The user
        may choose between all, urg (urgent), ack
        (acknowledgement), psh (push), rst (reset), syn
        (synchronize) and fin (finish).
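
The port and flag masks described above select which bits of a header field are compared. The following is an added example, not taken from the D-Link manual: it assumes conventional bitwise masked matching (only bits set in the mask are compared), which this page does not spell out, and all function names and sample packets are constructed for illustration.

```python
# Added example (not from the D-Link manual). Assumption: only the bits set in
# a profile mask are compared between the packet field and the rule value.

TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}  # TCP header bit values


def check_port_mask(mask):
    """Enforce the documented range for src_port_mask / dst_port_mask."""
    if not 0x0 <= mask <= 0xFFFF:
        raise ValueError(f"port mask {mask:#x} outside 0x0-0xffff")
    return mask


def ports_covered(rule_port, mask):
    """Return every port that a rule value matches under the given mask."""
    check_port_mask(mask)
    want = rule_port & mask
    return [p for p in range(0x10000) if p & mask == want]


def flag_mask(*names):
    """Combine flag names from the manual's list into one bit mask."""
    bits = 0
    for name in names:
        bits |= TCP_FLAGS[name]
    return bits


def matches(pkt, rule, profile):
    """True if every field the profile examines equals the rule's value."""
    return all((pkt[field] & mask) == (rule[field] & mask)
               for field, mask in profile.items())


# Constructed sample: the profile examines the full destination port plus the
# SYN and ACK bits; the rule wants port 23 with SYN set and ACK clear.
profile = {"dst_port": check_port_mask(0xFFFF), "flags": flag_mask("syn", "ack")}
rule = {"dst_port": 23, "flags": TCP_FLAGS["syn"]}
syn_pkt = {"dst_port": 23, "flags": 0x02}       # SYN only
synack_pkt = {"dst_port": 23, "flags": 0x12}    # SYN + ACK
syn_psh_pkt = {"dst_port": 23, "flags": 0x0A}   # SYN + PSH (PSH not examined)

if __name__ == "__main__":
    for name, pkt in [("syn", syn_pkt), ("syn+ack", synack_pkt),
                      ("syn+psh", syn_psh_pkt)]:
        print(name, matches(pkt, rule, profile))
    for mask in (0xFFFF, 0xFFF0, 0x0):
        print(f"mask {mask:#06x} with port 80 covers",
              len(ports_covered(80, mask)), "ports")
```

A short or non-contiguous port mask widens a rule: under the stated assumption, mask 0xfff0 with value 80 covers ports 80 through 95, and mask 0x0 covers every port.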