Filter
Top Products
xStack DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
233
create access_profile (packet content )
access_profile command, below.
Syntax
create access_profile profile_id <value 1-14> packet_content_mask
{offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_2 <value 0-31>
<hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex 0x0-0xffffffff> |
offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}
Description This command is used to identify packets by examining the Ethernet packet header,
by byte and then decide whether to filter or forward it, based on the user’s
configuration. The user will specify which bytes to examine by entering them into the
command, in hex form, and then selecting whether to filter or forward them, using the
config access_profile command.
Parameters packet_content_mask – The offset field is used to examine the packet header which
is divided up into four “chunks” where each chunk represents 4 bytes. Values within
the packet header chunk to be identified are to be marked in hexadecimal form in the
“mask” field. The following table will help you identify the bytes in the respective
chunks.
chunk0
chunk1 chunk2…….. chunk29 chunk30 chunk31
b126 b2 b6 b114 b118 b122
b127 b3 b7 b115 b119 b123
b1 b4 b8 b116 b120 b124
Check the box of the chunk, from 1 to 4, you wish to examine and then enter the
hexadecimal value in the mask field.
profile_id <value 1-14> - Specifies an index number between 1 and 14 that will
identify the access profile being created with this command.
Restrictions User Account Command Level – Administrator and Operator.
Example usage:
To create an Access profile by packet content mask:
DGS-3600:4#create access_profile packet_content_mask offset_chunk_1 1
0xFFFFFFFF profile_id 3
Command: create access_profile packet_content_mask offset_chunk_1 1
0xFFFFFFFF profile_id 3
Success.
DGS-3600:4#
config access_profile profile_id (packet content)
Purpose To configure the rule for a previously created access profile command based on the packet
content mask. Packet content masks entered will specify certain bytes of the packet header
to be identified by the Switch. When the Switch recognizes a packet with the identical byte
as the one configured, it will either forward or filter the packet, based on the users command
entered here.
Syntax
config access_profile profile_id <value 1-14> [add access_id <value 1-128>
packet_content {offset_chunk_1 <hex 0x0-0xffffffff> | offset_chunk_2 <hex 0x0-
0xffffffff> | offset_chunk_3 <hex 0x0-0xffffffff> | offset_chunk_4 <hex 0x0-0xffffffff>}
port [<portlist> | all] [permit {priority <value 0-7> {replace_priority} | rx_rate {no_limit |
<value 1-156249>]} | counter [enable | disable]} | mirror | deny} {time_range
<range_name 32>} | delete access_id <value 1-128>]
Description This command is used to set the rule for a previously configured access profile setting
based on packet content mask. These rules will determine if the Switch will forward or filter
the identified packets, based on user configuration specified in this command. Users will set
bytes to identify by entering them in hex form, offset from the first byte of the packet.