Filter
Top Products
xStack DGS/DXS-3300 Series Layer 3 Stackable Gigabit Ethernet Switch CLI Manual
212
access_id gives the rule a higher priority. In case of a conflict in the rules entered for an access profile, the rule with the highest
priority (lowest access_id) will take precedence.
The ip parameter instructs the Switch that this new rule will be applied to the IP addresses contained within each frame’s
header. source_ip tells the Switch that this rule will apply to the source IP addresses in each frame’s header. Finally, the IP
address 10.42.73.1 will be combined with the source_ip_mask 255.255.255.0 to give the IP address 10.42.73.0 for any source
IP address between 10.42.73.0 to 10.42.73.255.
The user now also has the option of mirroring packets to a selected port for further scrutiny. Configured in the Mode field of the
Access Profile Rule, the Switch administrator may now copy and send packets that match the criteria specified to a mirror target
port, in conjunction with the Port Mirroring function. For this mirror function to work, the Port Mirroring function must be
globally enabled and a Mirror target port must be set. Certain restrictions apply to the Access Profile Mirror function:
1. Since this function is capable through the FFP (FAST Filter Processor) of the chip, only ingress packets can be
mirrored.
2. The ACL Mirror function is restricted to the rules of the Port Mirroring function. Therefore, mirrored ports can not be
cross-box, that is, the ports cannot be set across switches in a switch stack. In addition, the Port Mirroring function
shares the mirror port with the ACL Mirror function.
In order to address this functional limitation of the chip set, an additional function, CPU Interface Filtering, has been added.
CPU Filtering may be universally enabled or disabled. Setting up CPU Interface Filtering follows the same syntax as ACL
configuration and requires some of the same input parameters. To configure CPU Interface Filtering, see the descriptions below
for create cpu access_profile and config cpu access_profile. To enable CPU Interface Filtering, see enable
cpu_interface_filtering.
Upon this release, the xStack DGS/DXS-3300 series have incorporated four ways of creating access profile entries on the
Switch which include Ethernet (MAC Address), IP, Packet Content and the most recent IPv6. Due to the present complexity
of the access profile commands, it has been decided to split this command into four pieces to be better understood by the user
and therefore simpler for the user to configure. The beginning of this section displays the create access_profile and config
access_profile commands in their entirety. The following table divides these commands up into the defining features necessary
to properly configure the access profile. Remember these are not the total commands but the easiest way to implement Access
Control Lists for the Switch.
NOTE: When using the ACL Mirror function, ensure that the Port Mirroring
function is enabled and a target mirror port is set.