D-Link DAS-3636 Cli Reference Manual page 405

create access_profile
Restrictions
Example usage:
To create an access list rules:
DAS-3626:admin#create access_profile profile_id 5 profile_name 5 ethernet vlan
source_mac 00-00-00-00-00-01 destination_mac 00-00-00-00-00-02 802.1p ethernet_type
Command: create access_profile profile_id 5 profile_name 5 ethernet vlan source_mac
00-00-00-00-00-01 destination_mac 00-00-00-00-00-02 802.1p ethernet_type
Success.
DAS-3626:admin#
DAS-3600 Series Ethernet over VDSL Switch CLI Reference Manual
packet_content_mask { destination_mac <macmask> | source_mac <macmask> |
outer_tag <hex 0x0-0x0fff> | offset1 [l2 | l3 | l4] <value 0-127> <hex 0x0-0xff> | offset2
[l2 | l3 | l4] <value 0-127> <hex 0x0-0xff> | offset3 [l2 | l3 | l4] <value 0-127> <hex 0x0-
0xff> | offset4 [l2 | l3 | l4] <value 0-127> <hex 0x0-0xff> | offset5 [l2 | l3 | l4] <value 0-
127> <hex 0x0-0xff> | offset6 [l2 | l3 | l4] <value 0-127> <hex 0x0-0xff> }
With this advanced unique Packet Content Mask (also known as Packet Content Access
Control List - ACL), D-Link switches can effectively mitigate some network attacks like
the common ARP Spoofing attack that is wide spread today. This is the reason why
Packet Content ACL is able to inspect any specified content of a packet in different
protocol layers.
IPV6 − Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering
based on the rules configured in the config access_profile command for IPv6.
class – Entering this parameter will instruct the Switch to examine the class field of
•
the IPv6 header. This class field is a part of the packet header that is similar to the
Type of Service (ToS) or Precedence bits field in IPv4.
flowlabel – Entering this parameter will instruct the Switch to examine the flow label
•
field of the IPv6 header. This flow label field is used by a source to label sequences
of packets such as non-default quality of service or real time service packets.
tcp – Specifies that the Switch will examine each frame's Transmission Control
•
Protocol (TCP) field.
udp − Specifies that the Switch will examine each frame's User Datagram Protocol
•
(UDP) field.
source_ipv6_mask <ipv6mask> − Specifies an IP address mask for the source IPv6
•
address.
destination_ipv6_mask <ipv6mask> − Specifies an IP address mask for the destination IPv6
address.
Only Administrator and Operator-level users can issue this command.
400