D-Link DGS-3600 Switch User Manual


 
xStack DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
config cpu access_profile
Parameters
to packets that have this UDP source port in their header.
dst_port <value 0-65535> Specifies that the access profile will apply only
to packets that have this UDP destination port in their header.
protocol_id <value 0-255> Specifies that the Switch will examine the protocol
field in each packet and if this field contains the value entered here, apply the
following rules.
user_define_mask <hex 0x0-0xffffffff> Specifies that the rule applies to the
IP protocol ID and the mask options behind the IP header.
packet_content_mask – Specifies that the Switch will mask the packet header
beginning with the offset value specified as follows:
  offset_0-15 - Enter a value in hex form to mask the packet from byte 0 to byte 15.
  offset_16-31 - Enter a value in hex form to mask the packet from byte 16 to byte 31.
  offset_32-47 - Enter a value in hex form to mask the packet from byte 32 to byte 47.
  offset_48-63 - Enter a value in hex form to mask the packet from byte 48 to byte 63.
  offset_64-79 - Enter a value in hex form to mask the packet from byte 64 to byte 79.
ipv6 - Specifies that the Switch will look into the IPv6 fields in each packet, with emphasis on
one or more of the following fields:
  class <value 0-255> - Entering this parameter will instruct the Switch to examine the
  class field of the IPv6 header. This class field is a part of the packet header that is
  similar to the Type of Service (ToS) or Precedence bits field in IPv4.
  flowlabel <hex 0x0-fffff> - Entering this parameter will instruct the Switch to examine
  the flow label field of the IPv6 header. This flow label field is used by a source to label
  sequences of packets such as non-default quality of service or real time service
  packets. This field is to be defined by the user in hex form.
  source_ipv6 <ipv6addr> - Specifies an IP address mask for the source IPv6 address.
  destination_ipv6 <ipv6addr> - Specifies an IP address mask for the destination IPv6
  address.
port <portlist> | all - The access profile for Ethernet may be defined for each port on the
Switch. Up to 128 rules may be configured for each port. Selecting all will configure this rule
for all ports on the Switch. The port list is specified by listing the lowest switch number and
the beginning port number on that switch, separated by a colon. Then the highest switch
number, and the highest port number of the range (also separated by a colon) are specified.
The beginning and end of the port list range are separated by a dash. For example, 1:3
specifies switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3-2:4 specifies all
of the ports between switch 1, port 3 and switch 2, port 4 in numerical order.
Non-contiguous portlist entries are separated by a comma. (ex: 1:1-1:3,1:7-1:9)
permit – Specifies that packets that match the access profile are permitted to be forwarded
by the Switch.
deny – Specifies that packets that match the access profile are not permitted to be forwarded
by the Switch and will be filtered.
{time_range <range_name 32>} – Choose this parameter and enter the name of a Time
Range setting that has been previously configured using the config time_range command.
This will set specific times when this access rule will be enabled or disabled on the Switch.
delete access_id <value 1-100> - Use this to remove a previously created access rule in a
profile ID.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure CPU access list entry:
DGS-3600:4#config cpu access_profile profile_id 5 add access_id 1 ip vlan default
source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp type 11 code 32 port 1 deny
Command: config cpu access_profile profile_id 5 add access_id 1 ip vlan default source_ip
20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp type 11 code 32 port 1 deny
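
When auditing CPU access rules it helps to expand a portlist into the exact ports it covers. The following is an added example, not part of the manual or D-Link code, that implements the portlist format described under the port parameter. The `ports_per_unit` value, treating a bare port number as unit 1, and the helper name `uncovered` are assumptions; the `all` keyword is not handled.

```python
import re

# Added example, not D-Link code. ports_per_unit and default_unit are
# assumptions: the manual page does not state how many ports a unit has.
_ENDPOINT = re.compile(r"^(?:(\d+):)?(\d+)$")


def _endpoint(text, default_unit):
    """Parse 'unit:port' (or a bare port, as in the manual's 'port 1')."""
    match = _ENDPOINT.match(text.strip())
    if not match:
        raise ValueError(f"bad port reference: {text!r}")
    unit = int(match.group(1)) if match.group(1) else default_unit
    return unit, int(match.group(2))


def parse_portlist(spec, ports_per_unit=24, default_unit=1):
    """Expand e.g. '1:1-1:3,1:7-1:9' into sorted (unit, port) pairs."""
    ports = set()
    for entry in spec.split(","):
        low_text, dash, high_text = entry.partition("-")
        low = _endpoint(low_text, default_unit)
        high = _endpoint(high_text, default_unit) if dash else low
        for unit, port in (low, high):
            if unit < 1 or not 1 <= port <= ports_per_unit:
                raise ValueError(f"port out of range in {entry!r}")
        if high < low:
            raise ValueError(f"descending range: {entry!r}")
        # A range may cross units: 1:3-2:4 runs to the last port of unit 1,
        # then continues from port 1 of unit 2.
        for unit in range(low[0], high[0] + 1):
            first = low[1] if unit == low[0] else 1
            last = high[1] if unit == high[0] else ports_per_unit
            ports.update((unit, p) for p in range(first, last + 1))
    return sorted(ports)


def uncovered(spec, required, **kwargs):
    """Return the required (unit, port) pairs that the rule's portlist misses."""
    return sorted(set(required) - set(parse_portlist(spec, **kwargs)))


if __name__ == "__main__":
    # Constructed audit: a deny rule written for 1:1-1:3,1:7-1:9 when the
    # intent was to cover ports 1 through 9 of unit 1.
    wanted = [(1, p) for p in range(1, 10)]
    print(uncovered("1:1-1:3,1:7-1:9", wanted))
```

Comparing the expanded set with the ports a deny rule is meant to protect shows gaps left by a non-contiguous portlist before the rule is applied.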