D-Link DAS-3636 Cli Reference Manual page 410

config access_profile
Parameters
Restrictions
Example usage:
To configure the access profile with the profile ID of 1 to filter frames on port 7 that have IP addresses in the range
between 10.42.73.0 to 10.42.73.255:
DAS-3626:admin#config access_profile profile_id 1 add access_id 1 ip source_ip
10.42.73.1 port 7 deny
Command: config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1
port 7 deny
Success.
DAS-3626:admin#
NOTE: Address Resolution Protocol (ARP) is the standard for finding a host's hardware address (MAC
Address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN (known as
ARP spoofing attack). For a more detailed explaination on how ARP protocol works and how to employ D-
Link's advanced unique Packet Content ACL to prevent an ARP spoofing attack, please see Appendix B,
at the end of this manual.
show access_profile
Purpose
DAS-3600 Series Ethernet over VDSL Switch CLI Reference Manual
port <portlist> − Specifies the port number on the Switch to permit or deny access for the
rule.
vlanbased [vlan <vlan_name> | vlan_id <value 1-4094>] − Specifies that the access profile
will apply to only to this VLAN.
permit − Specifies the rule permit access for incoming packets on the previously specified
port.
priority <value 0-7> − Specifies that the access profile will apply to packets that contain this
value in their 802.1p priority field of their header for incoming packets on the previously
specified port.
{replace_priority} − Allows users to specify a new value to be written to the priority field of an
incoming packet on the previously specified port.
replace_dscp_with <value 0-63> − Allows users to specify a new value to be written to the
DSCP field of an incoming packet on the previously specified port.
replace_tos_precedence_with <value 0-7> – Specifies the packets that match the access
profile and that tos-precedence values will be changed by the switch.
rx_rate − Specifies that one of the parameters below (no_limit or <value 1-15624>) will be
applied to the rate at which the above specified ports will be allowed to receive packets
• no_limit − Specifies that there will be no limit on the rate of packets received by the
above specified ports.
• <value 1-15624> − Specifies the packet limit, in 64Kbps, that the above ports will be
allowed to receive.
deny − Specifies the rule will deny access for incoming packets on the previously specified
port.
mirror – Specifies the packets that match the access profile, copies it and sends the copied
one to the mirror port.
time_range – Specifies the time_range profile that has been associated with the ACL entries.
delete access_id <value 1-1024> − Use this to remove a previously created access rule of a
profile ID. For information on number of rules that can be created for a given port, lease see
the introduction to this chapter.
Only Administrator and Operator-level users can issue this command.
Used to display the currently configured access profiles on the Switch.
405