Support User Manuals

D-Link TM DES-6500 Switch User Manual

Open as PDF

of 334

xStack DES-6500 Modular Layer 3 Chassis Ethernet Switch CLI Manual

config cpu access_profile

in their header.

• protocol_id <value 0-255> − Specifies that the Switch will examine the

protocol field in each packet and if this field contains the value entered

here, apply the following rules.

• packet_content_mask – Specifies that the Switch will mask the packet

header beginning with the offset value specified as follows:

port <portlist> - The access profile for the CPU may be defined for each

port on the Switch. The port list is specified by listing the lowest switch

number and the beginning port number on that switch, separated by a

colon. Then the highest switch number, and the highest port number of the

range (also separated by a colon) are specified. The beginning and end of

the port list range are separated by a dash. For example, 1:3 specifies

switch number 1, port 3. 2:4 specifies switch number 2, port 4. 1:3-2:4

specifies all of the ports between switch 1, port 3 and switch 2, port 4 − in

numerical order.

permit | deny – Specify that the packet matching the criteria configured with

command will either be permitted entry to the cpu or denied entry to the

cpu.

• user_define_mask <hex 0x0-0xffffffff> − Specifies that the rule

applies to the IP protocol ID and the mask options behind the IP

header.

• offset_0-15 - Enter a value in hex form to mask the packet from

byte 0 to byte 15.

• offset_16-31 - Enter a value in hex form to mask the packet from

byte 16 to byte 31.

• offset_32-47 - Enter a value in hex form to mask the packet from

byte 32 to byte 47.

• offset_48-63 - Enter a value in hex form to mask the packet from

byte 48 to byte 63.

• offset_64-79 - Enter a value in hex form to mask the packet from

byte 64 to byte 79.

delete access_id <value 1-65535> - Use this to remove a previously

created access rule in a profile ID.

Restrictions Only administrator-level users can issue this command.

Example usage:

To configure cpu access list entry:

DES-6500:4#config cpu access_profile profile_id 10 add access_id 1

ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3

icmp type 11 code 32 port 1 deny

Command: config cpu access_profile profile_id 10 add access_id 1

ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3

icmp type 11 code 32 port 1 deny

Success.

DES-6500:4#

232

previous next