Support User Manuals

D-Link DGS-3600 Switch User Manual

Open as PDF

of 410

xStack DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

230

create access_profile (IP)

Parameters

• igmp − Specifies that the Switch will examine each frame’s Internet Group

Management Protocol (IGMP) field.

• type − Specifies that the Switch will examine each frame’s IGMP Type

field.

• tcp − Specifies that the Switch will examine each frames Transport Control Protocol

(TCP) field.

• src_port_mask <hex 0x0-0xffff> − Specifies a TCP port mask for the source port.

• dst_port_mask <hex 0x0-0xffff> − Specifies a TCP port mask for the destination

port.

• flag_mask [all | {urg | ack | psh | rst | syn | fin}] – Enter the appropriate flag_mask

parameter. All incoming packets have TCP port numbers contained in them as the

forwarding criterion. These numbers have flag bits associated with them which are

parts of a packet that determine what to do with the packet. The user may deny

packets by denying certain flag bits within the packets. The user may choose

between all, urg (urgent), ack (acknowledgement), psh (push), rst (reset), syn

(synchronize) and fin (finish).

• udp − Specifies that the Switch will examine each frame’s User Datagram Protocol

(UDP) field.

• src_port_mask <hex 0x0-0xffff> − Specifies a UDP port mask for the source port.

• dst_port_mask <hex 0x0-0xffff> − Specifies a UDP port mask for the destination

port.

• protocol_id_mask − Specifies that the Switch will examine each frame’s Protocol ID

field.

• <hex 0x0-0xff> - Enter a hexidecimal value that will identify the protocol to be

discovered in the packet header.

• user_define <hex 0x0-0xffffffff> − Enter a hexidecimal value that will identify the

user defined protocol to be discovered in the packet header.

Restrictions Only administrator-level users can issue this command.

Example usage:

To configure a rule for the IP access profile:

DGS-3600:4# create access_profile profile_id 2 ip protocol_id_mask 0xFF

Command: create access_profile profile_id 2 ip protocol_id_mask 0xFF

Success.

DGS-3600:4#

config access_profile (IP)

Purpose Used to configure the IP access profile on the Switch and to define specific values for the

rules that will be used to by the Switch to determine if a given packet should be forwarded or

filtered. Masks entered using the create access_profile command will be combined, using a

logical AND operational method, with the values the Switch finds in the specified frame

header fields.

Syntax

config access_profile profile_id <value 1-14> [add access_id [auto_assign | <value 1-

128> ip {source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp |

igmp | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | urg | ack | psh | rst |

syn | fin} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id

<value 0-255> {user_define <hex 0x0-0xffffffff}]} | port [<portlist> | all] [permit {priority

<value 0-7> {replace_priority} | rx_rate {no_limit | <value 1-156249>]} | counter [enable |

disable]} | mirror | deny] {time_range <range_name 32>} | delete access_id <value 1-

128>]

previous next