Filter
Top Products
DGS-3100 Series Gigabit Stackable Managed Switch CLI Manual
21
5
create access_profile (for IPv6)
field.
type – Specifies that the Switch examine each frame’s Type field.
tcp – Specifies that the Switch examines each frames protocol field
and its value must be 6 (Transmission Control Protocol-TCP) for the
action to take place.
src_port_mask <hex 0x0-0xffff> – Specifies a TCP port mask for the
source port.
dst_port_mask <hex 0x0-0xffff> – Specifies a TCP port mask for the
destination port.
flag_mask {+ | –} {urg | ack | psh | rst | syn | fin } – Specifies the
appropriate flag_mask parameter. All incoming packets have TCP
flag bits associated with them which are parts of a packet that
determine what to do with the packet. The user may deny packets
by denying certain flag bits within the packets. The user may choose
between all, urg (urgent), ack (acknowledgement), psh (push), rst
(reset), syn (synchronize) and fin (finish).
udp – Specifies that the Switch examines each frame’s protocol field
and it’s value must be 17 (User Datagram Protocol-UDP) in order
for the action to take place..
src_port_mask <hex 0x0-0xffff> – Specifies a UDP port mask for the
source port.
dst_port_mask <hex 0x0-0xffff> – Specifies a UDP port mask for the
destination port.
Restrictions Only administrator or operate-level users can issue this command.
Example usage:
To create an IPv6 access profile:
DGS3100# create access_profile profile_id 2 ip source_ip_mask 20.0.0.0
destination_ip_mask 10.0.0.0 class icmp type
Success.
DGS3100#
config access_profile (for Ethernet)
Purpose To configure the Ethernet access profile on the Switch and to define
specific values for the rules that to be used to by the Switch to
determine if a given packet should be forwarded or filtered. Masks
entered using the create access_profile command will be
combined, using a logical AND operational method, with the values
the Switch finds in the specified frame header fields.
Syntax
config access_profile profile_id <value 1-15> [add access_id
[auto assign | <value 1-240>] [ethernet {vlan <vlan_name 32> |
source_mac <macaddr 00:00:00:00:00:00-ff:ff:ff:ff:ff:ff > |
destination_mac <macaddr 00:00:00:00:00:00-ff:ff:ff:ff:ff:ff > |
802.1p <value 0-7> | ethernet_type <hex 0x05dd-0xffff>} ports
<portlist> [permit {replace_priority <value 0-7> | replace_dscp
<value 0-63> | rate_limit <value 64-1000000>} | deny]
{time_range <range_name 32>}