Specifications

ManualsBrandsEdge10 ManualsComputer equipmentC171

191

192

193

194

195

196

197

198

199

200

xStack DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual

create cpu access_profile

Purpose

Used to create an access profile specifically for CPU Interface Filtering on the Switch and to

define which parts of each incoming frame’s header the Switch will examine. Masks can be

entered that will be combined with the values the Switch finds in the specified frame header

fields. Specific values for the rules are entered using the config cpu access_profile command,

below.

Syntax

create cpu access_profile [ethernet {vlan | source_mac <macaddr 000000000000-ffffffffffff>

| destination_mac <macaddr 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan |

source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} |

igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} |

flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |

dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff>} {user_define_mask

<hex 0x0-0xffffffff>}]} | packet_content_mask {offset 0-15 <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset 16-31 <hex 0x0-0xffffffff> <hex

0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | {offset 32-47 <hex 0x0-0xffffffff>

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | {offset 48-63 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | {offset 64-79 <hex

0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}] profile_id <value

1-5>

Description

The create cpu access_profile command is used to create an access profile used only for CPU

Interface Filtering. Masks can be entered that will be combined with the values the Switch finds in

the specified frame header fields. Specific values for the rules are entered using the config cpu

access_profile command, below.

Parameters

• type − Specifies that the switch will examine each frame’s IGMP Type field.

• dst_port_mask <hex 0x0-0xffff> − Specifies a TCP port mask for the destination port.

ethernet − Specifies that the Switch will examine the layer 2 part of each packet header.

ip − Specifies that the switch will examine the IP address in each frame’s header.

• vlan − Specifies that the Switch will examine the VLAN part of each packet header.

• source_mac <macaddr 000000000000-ffffffffffff> - Specifies to examine the source MAC

address mask. MAC address entries may be made in the following format: 000000000000-

FFFFFFFFFFFF

• destination_mac <macaddr 000000000000-ffffffffffff> - Specifies to examine the destination

MAC address mask. MAC address entries may be made in the following format:

000000000000-FFFFFFFFFFFF

• 802.1p - Specifies that the Switch will examine the 802.1p priority value in the frame’s

header.

• ethernet_type − Specifies that the switch will examine the Ethernet type value in each

frame’s header.

• vlan − Specifies a VLAN mask.

• source_ip_mask <netmask> − Specifies an IP address mask for the source IP address.

• destination_ip_mask <netmask> − Specifies an IP address mask for the destination IP

address.

• dscp − Specifies that the switch will examine the DiffServ Code Point (DSCP) field in each

frame’s header.

• icmp − Specifies that the switch will examine the Internet Control Message Protocol (ICMP)

field in each frame’s header.

• type − Specifies that the switch will examine each frame’s ICMP Type field.

• code − Specifies that the switch will examine each frame’s ICMP Code field.

• igmp − Specifies that the switch will examine each frame’s Internet Group Management

Protocol (IGMP) field.

• tcp − Specifies that the switch will examine each frames Transport Control Protocol (TCP)

field.

• src_port_mask <hex 0x0-0xffff> − Specifies a TCP port mask for the source port.

• flag_mask [ all | {urg | ack | psh | rst | syn | fin}] – Enter the appropriate flag_mask

parameter. All incoming packets have TCP port numbers contained in them as the

forwarding criterion. These numbers have flag bits associated with them which are parts of

a packet that determine what to do with the packet. The user may deny packets by denying

certain flag bits within the packets. The user may choose between all, urg (urgent), ack

195