Specifications
xStack DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual
DGS-3400:4# create access_profile profile_id 2 ip protocol_id_mask 0xFF
Command: create access_profile profile_id 2 ip protocol_id_mask 0xFF
Success.
DGS-3400:4#
config access_profile (IP)
Purpose Used to configure the IP access profile on the Switch and to define specific values for the
rules that will be used to by the Switch to determine if a given packet should be
forwarded or filtered. Masks entered using the create access_profile command will be
combined, using a logical AND operational method, with the values the Switch finds in
the specified frame header fields.
Syntax
config access_profile profile_id <value 1-6> [add access_id [auto_assign | <value
1-128> ip {source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp
| igmp | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | urg | ack | psh |
rst | syn | fin} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} |
protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff}]} port [<portlist> | all]
[permit {priority <value 0-7> {replace_priority} | replace_dscp <value 0-63>} rx_rate
[no_limit | <value 1-156249>]} | deny]] {time_range <range_name 32>} | delete
access_id <value 1-128>]
Description This command is used to define the rules used by the Switch to either filter or forward
packets based on the IP part of each packet header.
Parameters profile_id <value 1-6> - Enter an integer between 1 and 6 that is used to identify the
access profile that will be configured with this command. This value is assigned to the
access profile when it is created with the create access_profile command. The lower
the profile ID, the higher the priority the rule will be given.
add access_id <value 1-128> - Adds an additional rule to the above specified access
profile. The value specifies the relative priority of the additional rule. Up to 128 different
rules may be configured for the IP access profile.
ip − Specifies that the Switch will look into the IP fields in each packet to see if it will be
either forwarded or filtered based on one or more of the following:
• auto_assign – Choose this parameter to configure the Switch to automatically
assign a numerical value (between 1 and 128) for the rule being configured.
• source_ip <ipaddr> - Specifies that the access profile will apply to only packets with
this source IP address.
• destination_ip <ipaddr> − Specifies that the access profile will apply to only packets
with this destination IP address.
• dscp <value 0-63> − Specifies that the access profile will apply only to packets that
have this value in their Type-of-Service (DiffServ code point, DSCP) field in their IP
packet header.
• icmp − Specifies that the Switch will examine the Internet Control Message Protocol
(ICMP) field within each packet.
• igmp − Specifies that the access profile will apply to packets that have this IGMP
type.
• tcp - Specifies that the switch will examine each frames Transport Control Protocol
(TCP) field.
• src_port <value 0-65535> − Specifies that the access profile will apply only to
packets that have this TCP source port in their TCP header.
• dst_port <value 0-65535> − Specifies that the access profile will apply only to
packets that have this TCP destination port in their TCP header.
• Enter the type of TCP flag to be masked. The choices are:
• urg: TCP control flag (urgent)
• ack: TCP control flag (acknowledgement)
• psh: TCP control flag (push)
189