User`s guide

ManualsBrandsD-Link ManualsComputer equipment3100 24 - DGS Switch - Stackable

161

162

163

164

165

166

167

168

169

170

DGS-3100 Gigabit Ethernet Switch Manual

162

ACCESS CONTROL LIST COMMANDS

The Access Control List commands in the Command Line Interface (CLI) are listed (along with the appropriate

parameters) in the following table.

Command Parameter

create access_profile

(Ethernet)

profile_id <value 1-15> [ethernet {vlan | source_mac <macmask 000000000000-

ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p |

ethernet_type}]

create access_profile

(IP)

profile_id <value 1-15> [ ip {source_ip_mask <netmask> | destination_ip_mask

<netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex

0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask } | udp {src_port_mask

<hex 0x0-0xffff> | dst_port_mask <hex 0x0-xffff>}]}]

config access_profile

(Ethernet)

profile_id <value 1-15> [add access_id [auto assign | <value 1-255>] [ethernet

{vlan <vlan_name 32> | source_mac <macaddr 000000000000-ffffffffffff> |

destination_mac <macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> |

ethernet_type <hex 0x0-0xffff>} ports <portlist> [permit {replace_priority <value

0-7> | rate_limit <value 3500-1000000>} | deny]

config access_profile

(IP)

profile_id <value 1-15> [add access_id [auto assign | <value 1-255>] [ip

{source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type

<value 0-255> code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port

<value 0-65535> | dst_port <value 0-65535> | flag <flag 1-24>} | udp {src_port

<value 0-65535> | dst_port <value 0-65535>}]} ports <portlist> [permit

{ replace_dscp <value 0-63> | rate_limit <value 3500-1000000>} | deny]

config access_profile profile_id <value 1-15> delete access_id <value 1-255>

delete access_profile profile_id <value 1-15>

show access_profile {profile_id <value 1-15>}

Each command is listed in detail, as follows:

create access_profile (Ethernet)

Purpose To create an access profile on the Switch by examining the Ethernet

part of the packet header. Masks entered can be combined with the

values the Switch finds in the specified frame header fields. Specific

values for the rules are entered using the config access_profile

command, below

Syntax

create access_profile profile_id <value 1-15> [ethernet {vlan |

source_mac <macmask 000000000000-ffffffffffff> |

destination_mac <macmask 000000000000-ffffffffffff> | 802.1p |

ethernet_type}]

Description The create access_profile command creates a profile for packets

that may be accepted or denied by the Switch by examining the

Ethernet part of the packet header. Specific values for rules

pertaining to the Ethernet part of the packet header may be defined

by configuring the config access_profile command for Ethernet, as

stated below