User's guide
DES-3226S Layer 2 Switch CLI Reference
Command Parameters
user_define <hex 0x0-0xffffffff>
priority <value 0-7>
replace_priority
replace_dscp <value 0-63>
delete <value 1-255>
Due to a chipset limitation, the Switch currently supports a maximum of 10
access profiles, each containing a maximum of 50 rules, with the additional
limitation of 50 rules total for all 10 access profiles.
Access profiles allow you to establish criteria to determine whether or not the
Switch will forward packets based on the information contained in each
packet’s header. These criteria can be specified on a VLAN-by-VLAN basis.
Creating an access profile is divided into two basic parts. First, an access
profile must be created using the create access_profile command. For
example, if you want to deny all traffic from the subnet 10.42.73.0 to
10.42.73.255, you must first create an access profile that instructs the Switch
to examine all of the relevant fields of each frame, and specify deny:
create access_profile ip source_ip_mask 255.255.255.0 profile_id 1 deny
Here we have created an access profile that will examine the IP field of each
frame received by the Switch. Each source IP address the Switch finds will be
combined with the source_ip_mask with a logical AND operation. The
profile_id parameter is used to give the access profile an identifying number,
in this case 1. The deny parameter instructs the Switch to filter any frames
that meet the criteria: in this case, frames whose source IP address, ANDed
with the source_ip_mask, matches the IP address specified in the next step
ANDed with the same source_ip_mask.
The default for an access profile on the Switch is to permit traffic flow. If
you want to restrict traffic, you must use the deny parameter.
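The mask-and-compare matching described above can be modelled in a few lines
of Python. This is an added example, not D-Link code or switch firmware; the
class and function names are hypothetical, and it assumes that profiles are
checked in profile_id order and that frames matching no rule are forwarded.
It uses the rule address 10.42.73.1 from the configuration step that follows.

```python
import ipaddress

MAX_PROFILES = 10      # chipset limit stated in the guide
MAX_RULES_TOTAL = 50   # total across all access profiles, per the guide

class AccessProfile:
    """Model of one 'create access_profile ip source_ip_mask ...' entry."""
    def __init__(self, source_ip_mask, action):
        self.mask = int(ipaddress.IPv4Address(source_ip_mask))
        self.action = action   # "deny" or "permit"
        self.rules = {}        # access_id -> rule address after masking

class SwitchModel:
    """Hypothetical model of the access profile table (not firmware code)."""
    def __init__(self):
        self.profiles = {}

    def create_profile(self, profile_id, source_ip_mask, action="permit"):
        if len(self.profiles) >= MAX_PROFILES:
            raise ValueError("access profile limit reached")
        self.profiles[profile_id] = AccessProfile(source_ip_mask, action)

    def add_rule(self, profile_id, access_id, source_ip):
        if sum(len(p.rules) for p in self.profiles.values()) >= MAX_RULES_TOTAL:
            raise ValueError("rule limit reached")
        p = self.profiles[profile_id]
        # The rule address is ANDed with the mask, so its host bits are ignored.
        p.rules[access_id] = int(ipaddress.IPv4Address(source_ip)) & p.mask

    def decide(self, src_ip):
        src = int(ipaddress.IPv4Address(src_ip))
        for pid in sorted(self.profiles):     # assumed evaluation order
            p = self.profiles[pid]
            if (src & p.mask) in p.rules.values():
                return p.action
        return "permit"   # assumed: unmatched frames are forwarded

def build_example():
    # Mirrors the two commands in this section: profile 1 denies by source IP.
    sw = SwitchModel()
    sw.create_profile(1, "255.255.255.0", "deny")
    sw.add_rule(1, 1, "10.42.73.1")
    return sw
```

Because the mask clears the last octet, the single rule address 10.42.73.1
covers every source address from 10.42.73.0 to 10.42.73.255.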
Now that an access profile has been created, you must add the criteria the
Switch will use to decide if a given frame should be forwarded or filtered.
Here, we want to filter any packets that have an IP source address between
10.42.73.0 and 10.42.73.255:
config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1
Here we use the profile_id 1 which was specified when the access profile was
created. The add parameter instructs the Switch to add the criteria that