Cpu Access Profile List - D-Link DGS-3000 Series Reference Manual

Replace Priority
Replace DSCP (0-63)
Replace ToS Precedence
(0-7)
Time Range Name
Counter
Ports
VLAN Name
VLAN ID
Click the Apply button to accept the changes made.
Click the <<Back button to discard the changes made and return to the previous page.
After clicking the Show Details button in the Access Rule List, the following window will appear:
Click the Show All Rules button to navigate back to the Access Rule List.

CPU Access Profile List

Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This
added feature increases the running security of the Switch by enabling the user to create a list of access rules for
packets destined for the Switch's CPU interface. Employed similarly to the Access Profile feature previously
mentioned, CPU interface filtering examines Ethernet, IPv4, IPv6 and Packet Content Mask packet headers destined
for the CPU and will either forward them or filter them, based on the user's implementation. As an added feature for
the CPU Filtering, the Switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the
user to create various lists of rules without immediately enabling them.
NOTE: CPU Interface Filtering is used to control traffic access to the switch directly such as protocols
transition or management access. A CPU interface filtering rule won't impact normal L2/3 traffic
forwarding. However, an improper CPU interface filtering rule may cause the network to become
unstable.
To view CPU Access Profile List window, click ACL > CPU Access Profile List as shown below:
DGS-3000 Series Gigabit Ethernet Switch Web UI Reference Guide
original value before being forwarded by the Switch.
For more information on priority queues, CoS queues and mapping for 802.1p, see
the QoS section of this manual.
Select to replace the Priority value in the adjacent field.
Select this option to instruct the Switch to replace the DSCP value (in a packet that
meets the selected criteria) with the value entered in the adjacent field. When an
ACL rule is added to change both the priority and DSCP of an IPv4 packet, only one
of them can be modified due to a chip limitation. Currently the priority is changed
when both the priority and DSCP are set to be modified.
Specify that the IP precedence of the outgoing packet is changed with the new
value. If used without an action priority, the packet is sent to the default TC.
Select and enter the name of the Time Range settings that has been previously
configured in the Time Range Settings window. This will set specific times when
this access rule will be implemented on the Switch.
Select the counter. By checking the counter, the administrator can see how many
times that the rule was hit.
When a range of ports is to be configured, the Auto Assign check box MUST be
selected in the Access ID field of this window. If not, the user will be presented with
an error message and the access rule will not be configured.
Specify the VLAN name to apply to the access rule.
Specify the VLAN ID to apply to the access rule.
Figure 7-22 Access Rule Detail Information (Packet Content ACL)
186