Table of Contents
Advertisement
DAS-3600 Series Ethernet over VDSL Switch CLI Reference Manual
config access_profile
Parameters
ip v4− Specifies that the Switch will look into the IP fields in each packet.
vlan <vlan_name 32>|vlan_id<value 1-4094> − Specifies that the access profile will apply to
only this VLAN.
source_ip <ipaddr> − Specifies that the access profile will apply to only packets with this
source IP address.
destination_ip <ipaddr> − Specifies that the access profile will apply to only packets with this
destination IP address.
dscp <value 0-63> − Specifies that the access profile will apply only to packets that have this
value in their Type-of-Service (DiffServ code point, DSCP) field in their IP packet header
icmp − Specifies that the Switch will examine the Internet Control Message Protocol (ICMP)
field within each packet.
igmp − Specifies that the Switch will examine the Internet Group Management Protocol
(IGMP) field within each packet.
tcp − Specifies that the Switch will examine the Transmission Control Protocol (TCP) field
within each packet.
udp − Specifies that the Switch will examine the User Datagram Protocol (UDP) field in each
packet.
src_port <value 0-65535> − Specifies that the access profile will apply only to packets that
have this UDP source port in their UDP header.
dst_port <value 0-65535> − Specifies that the access profile will apply only to packets that
have this UDP destination port in their UDP header.
protocol_id <value 0-255> − Specifies that the Switch will examine the protocol field in each
packet and if this field contains the value entered here, apply the following rules.
user_define <hex 0x0-0xfffffff> − Specifies a mask to be combined with the value found in the
frame header and if this field contains the value entered here, apply the following rules.
packet_content_mask – Allows users to examine any up to four specified offset_chunk within
a packet at one time and specifies that the Switch will mask the packet header beginning with
the offset value specified as follows:
packet_content { destination_mac <macaddr> {mask <macmask>} | source_mac
<macaddr> {mask <macmask>} | outer_tag <hex 0x0-0x0fff> {mask <hex 0x0-0x0fff>} |
offset1 <hex 0x0-0xff> {mask <hex 0x0-0xff>} | offset2 <hex 0x0-0xff> {mask <hex 0x0-
0xff>} | offset3 <hex 0x0-0xff> {mask <hex 0x0-0xff>} | offset4 <hex 0x0-0xff> {mask
<hex 0x0-0xff>} | offset5 <hex 0x0-0xff> {mask <hex 0x0-0xff>} | offset6 <hex 0x0-0xff>
{mask <hex 0x0-0xff>}}
With this advanced unique Packet Content Mask (also known as Packet Content Access
Control List - ACL), D-Link switches can effectively mitigate some network attacks like the
common ARP Spoofing attack that is wide spread today. This is the reason that Packet
Content ACL is able to inspect any specified content of a packet in different protocol layers.
IPV6 - Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering
type <value 0-65535> − Specifies that the access profile will apply to this ICMP type
value.
code <value 0-255> − Specifies that the access profile will apply to this ICMP code.
type <value 0-255> − Specifies that the access profile will apply to packets that
have
this IGMP type value.
•
src_port <value 0-65535> − Specifies that the access profile will apply only
to packets that have this TCP source port in their TCP header.
•
dst_port <value 0-65535> − Specifies that the access profile will apply only
to packets that have this TCP destination port in their TCP header.
urg: TCP control flag (urgent)
ack: TCP control flag (acknowledgement)
psh: TCP control flag (push)
rst: TCP control flag (reset)
syn: TCP control flag (synchronize)
fin: TCP control flag (finish)
404
Advertisement
Table of Contents
