Cpu Access Profile List - D-Link xStack DES-3200 Series Reference Manual

Priority (0-7)
Replace Priority
Replace DSCP (0-63)
Replace ToS Precedence
(0-7)
Time Range Name
Counter
Ports
VLAN Name
VLAN ID
Click the Apply button to accept the changes made.
Click the <<Back button to discard the changes made and return to the previous page.
After clicking the Show Details button in the Access Rule List, the following page will appear:
Click the Show All Rules button to navigate back to the Access Rule List.

CPU Access Profile List

Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This
added feature increases the running security of the Switch by enabling the user to create a list of access rules for
packets destined for the Switch's CPU interface. Employed similarly to the Access Profile feature previously
mentioned, CPU interface filtering examines Ethernet, IPv4, IPv6 and Packet Content Mask packet headers
destined for the CPU and will either forward them or filter them, based on the user's implementation. As an added
xStack® DES-3200 Series Layer 2 Managed Fast Ethernet Switch
forwarded by the Switch and will be filtered.
Select Mirror to specify that packets that match the access profile are mirrored to a
port defined in the config mirror port command. Port Mirroring must be enabled
and a target port must be set.
Tick the corresponding check box if you want to re-write the 802.1p default priority
of a packet to the value entered in the Priority field, which meets the criteria
specified previously in this command, before forwarding it on to the specified CoS
queue. Otherwise, a packet will have its incoming 802.1p user priority re-written to
its original value before being forwarded by the Switch.
For more information on priority queues, CoS queues and mapping for 802.1p, see
the QoS section of this manual.
Tick this check box to replace the Priority value in the adjacent field.
Select this option to instruct the Switch to replace the DSCP value (in a packet that
meets the selected criteria) with the value entered in the adjacent field. When an
ACL rule is added to change both the priority and DSCP of an IPv4 packet, only
one of them can be modified due to a chip limitation. Currently the priority is
changed when both the priority and DSCP are set to be modified.
Specify that the IP precedence of the outgoing packet is changed with the new
value. If used without an action priority, the packet is sent to the default TC.
Tick the check box and enter the name of the Time Range settings that has been
previously configured in the Time Range Settings window. This will set specific
times when this access rule will be implemented on the Switch.
Here the user can select the counter. By checking the counter, the administrator
can see how many times that the rule was hit.
When a range of ports is to be configured, the Auto Assign check box MUST be
ticked in the Access ID field of this window. If not, the user will be presented with
an error message and the access rule will not be configured. Ticking the All Ports
check box will denote all ports on the Switch.
Specify the VLAN name to apply to the access rule.
Specify the VLAN ID to apply to the access rule.
Figure 7-22 Access Rule Detail Information (Packet Content ACL)
153