Filter
Top Products
xStack DGS/DXS-3300 Series Layer 3 Stackable Gigabit Ethernet Switch CLI Manual
210
25
ACCESS CONTROL LIST (ACL) COMMANDS
The xStack DGS/DXS-3300 series implement Access Control Lists that enable the Switch to deny network access to specific
devices or device groups based on IP settings, MAC address, packet content, IPv6 settings or CPU.
Command Parameters
create access_profile
[ethernet {vlan | source_mac <macmask 000000000000-ffffffffffff> | destination_mac
<macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan |
source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type |
code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-
0xffff> | dst_port_mask <hex 0x0-xffff>} | protocol_id {user _mask <hex 0x0-0xffffffff> }]}
| packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} | ipv6 {class | flowlabel |
source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask>}] profile_id <value
1-8>}
delete access_profile
profile_id
<value 1-8>
config access_profile
profile_id
<value 1-8> [add access_id [auto_assign | <value 1-65535>] [ethernet {vlan
<vlan_name 32> | source_mac <macaddr 000000000000-ffffffffffff> | destination_mac
<macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> | ethernet_type <hex 0x0-
0xffff>} port <port> [permit {priority <value 0-7> {replace_priority} | replace_dscp <value
0-63> } | deny | mirror] | ip {vlan <vlan_name 32> | source_ip <ipaddr> | destination_ip
<ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> code <value 0-255>} | igmp
{type <value 0-255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | urg |
ack | psh | rst | syn | fin} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} |
protocol_id <value 0 - 255> {user_define <hex 0x0-0xffffffff>}]} port <port> [permit
{priority <value 0-7> {replace_priority} | replace_dscp <value 0-63>} | deny | mirror] |
packet_content {offset_0-15 <hex0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff><hex
0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex0x0-0xffffffff>} port <port> [permit {priority <value 0-7>
{replace_priority} | replace_dscp <value 0-63>} | deny | mirror] | ipv6 {class <value 0-
255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> | destionation_ipv6
<ipv6addr>} port <port> [permit {priority <value 0-7> {replace_priority}} | deny | mirror] |
delete <value 1-65535>]
show access_profile {profile_id <value 1-8>}
create cpu
access_profile
[ethernet {vlan | source_mac <macaddr 000000000000-ffffffffffff> | destination_mac
<macaddr 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan | source_ip_mask
<netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} |
tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | flag_mask [all |
{urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask
<hex 0x0-0xffff>} | protocol_id {user_mask <hex 0x0-0xffffffff>} ]} | packet_content_mask
{offset 0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff>| offset 16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> | {offset 32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff>
|
{
offset 48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-