Specifications

ManualsBrandsEdge10 ManualsComputer equipmentC171

201

202

203

204

205

206

207

208

209

210

xStack DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual

config cpu access_profile

Purpose Used to configure a cpu access profile used for CPU Interface Filtering and to define specific

values that will be used to by the Switch to determine if a given packet should be forwarded

or filtered. Masks entered using the create cpu access_profile command will be combined,

using a logical AND operation, with the values the Switch finds in the specified frame header

fields. Specific values for the rules are entered using the config cpu access_profile

command, below.

Syntax

config cpu access_profile profile_id <value 1-5> [ add access_id <value 1-100>

[ethernet {vlan <vlan_name 32> | source_mac <macaddr 000000000000-ffffffffffff > |

destination_mac <macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> |

ethernet_type <hex 0x0-0xffff>} port [<portlist> | all] | ip {vlan vlan_name 32> |

source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value

0-255> | code <value 0-255>} | igmp { type <value 0-255>} | tcp {src_port <value 0-

65535> | dst_port <value 0-65535> | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp

{src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0 - 255>

{user_define <hex 0x0-0xffffffff>}]} port [<portlist> | all] [permit | deny] |

packet_content {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>

<hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff>

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} [<portlist> | all] [permit |

deny] {time_range <range_name 32>} | delete access_id <value 1-100>]

Description The config cpu access_profile command is used to configure a CPU access profile for

CPU Interface Filtering and to enter specific values that will be combined, using a logical

AND operational method, with masks entered with the create cpu access_profile

command, above.

Parameters

profile_id <value 1-5> − Enter an integer used to identify the access profile that will be

configured with this command. This value is assigned to the access profile when it is created

with the create access_profile command. The profile ID sets the relative priority for the profile

and specifies an index number that will identify the access profile being created with this

command. Priority is set relative to other profiles where the lowest profile ID has the highest

priority.

ethernet − Specifies that the Switch will look only into the layer 2 part of each packet.

ip − Specifies that the Switch will look into the IP fields in each packet.

• add access_id <value 1-100> − Adds an additional rule to the above specified

access profile. The value is used to index the rule created.

• vlan <vlan_name 32> − Specifies that the access profile will apply to only to this

VLAN.

• source_mac <macaddr 000000000000-ffffffffffff> − Specifies that the access profile

will apply to this source MAC address.

• destination_mac <macaddr 000000000000-ffffffffffff> − Specifies that the access

profile will apply to this destination MAC address.

• ethernet_type <hex 0x0-0xffff> − Specifies that the access profile will apply only to

packets with this hexadecimal 802.1Q Ethernet type value in the packet header.

• vlan <vlan_name 32> − Specifies that the access profile will apply to only this

VLAN.

• source_ip <ipaddr> − Specifies that the access profile will apply to only packets with

this source IP address.

• destination_ip <ipaddr> − Specifies that the access profile will apply to only packets

with this destination IP address.

• dscp <value 0-63> − Specifies that the access profile will apply only to packets that

have this value in their Type-of-Service (DiffServ code point, DSCP) field in their IP

packet header

• icmp − Specifies that the Switch will examine the Internet Control Message Protocol

(ICMP) field within each packet.

197