Filter
Top Products
xStack DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
227
create access_profile (for Ethernet)
Purpose Used to create an access profile on the Switch by examining the Ethernet part of the packet
header. Masks entered can be combined with the values the Switch finds in the specified
frame header fields. Specific values for the rules are entered using the config
access_profile command, below.
Syntax
create access_profile profile_id <value 1-14> [ethernet {vlan | source_mac <macmask
000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> |
802.1p | ethernet_type}
Description This command will allow the user to create a profile for packets that may be accepted or
denied by the Switch by examining the Ethernet part of the packet header. Specific values for
rules pertaining to the Ethernet part of the packet header may be defined by configuring the
config access_profile command for Ethernet, as stated below.
Parameters profile_id <value 1-14> - Specifies an index number between 1 and 14 that will identify the
access profile being created with this command.
ethernet - Specifies that the Switch will examine the layer 2 part of each packet header with
emphasis on one or more of the following:
• vlan − Specifies that the Switch will examine the VLAN part of each packet header.
• source_mac <macmask> − Specifies a MAC address mask for the source MAC
address. This mask is entered in the following hexadecimal format: 000000000000-
FFFFFFFFFFFF
• destination_mac <macmask> − Specifies a MAC address mask for the destination MAC
address in the following format: 000000000000-FFFFFFFFFFFF
• 802.1p − Specifies that the Switch will examine the 802.1p priority value in the frame’s
header.
• ethernet_type − Specifies that the Switch will examine the Ethernet type value in each
frame’s header.
Restrictions Only administrator-level users can issue this command.
Example usage:
To create an Ethernet access profile:
DGS-3600:4# create access_profile profile_id 1 ethernet vlan 802.1p
Command: create access_profile profile_id 1 ethernet vlan 802.1p
Success.
DGS-3600:4#
config access_profile (for Ethernet)
Purpose Used to configure the Ethernet access profile on the Switch and to define specific values
for the rules that will be used to by the Switch to determine if a given packet should be
forwarded or filtered. Masks entered using the create access_profile command will be
combined, using a logical AND operational method, with the values the Switch finds in the
specified frame header fields.
Syntax
profile_id <value 1-14> [add access_id [auto_assign | <value 1-128> [ethernet {vlan
<vlan_name 32> | source_mac <macaddr 000000000000-ffffffffffff> | destination_mac
<macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> | ethernet_type <hex 0x0-
0xffff>} | [permit | deny] | port [<portlist> | all] [permit {priority <value 0-7>
{replace_priority} | rx_rate {no_limit | <value 1-156249>]} | counter [enable | disable]}
| mirror | deny] | delete access_id <value 1-128>]
Description This command is used to define the rules used by the Switch to either filter or forward
packets based on the Ethernet part of each packet header.
Parameters profile_id <value 1-14> - Enter an integer between 1 and 14 that is used to identify the
fil th t ill b fi d ith thi d Thi l i i d t th