create access_profile (IP)
Restrictions
Example usage:
To configure a rule for the Ethernet access profile:
xStack Gigabit Layer 3 Switch Command Line Interface Manual
destination_ip_mask <netmask> − Specifies an IP address
•
mask for the destination IP address.
dscp − Specifies that the Switch will examine the DiffServ
•
Code Point (DSCP) field in each frame's header.
icmp − Specifies that the Switch will examine the Internet
•
Control Message Protocol (ICMP) field in each frame's header.
type − Specifies that the Switch will examine each frame's
•
ICMP Type field.
code − Specifies that the Switch will examine each frame's
•
ICMP Code field.
igmp − Specifies that the Switch will examine each frame's
•
Internet Group Management Protocol (IGMP) field.
type − Specifies that the Switch will examine each frame's
•
IGMP Type field.
tcp − Specifies that the Switch will examine each frames
•
Transport Control Protocol (TCP) field.
src_port_mask <hex 0x0-0xffff> − Specifies a TCP port
•
mask for the source port.
dst_port_mask <hex 0x0-0xffff> − Specifies a TCP port
•
mask for the destination port.
flag_mask [all | {urg | ack | psh | rst | syn | fin}] – Enter the
•
appropriate flag_mask parameter. All incoming packets have
TCP port numbers contained in them as the forwarding
criterion. These numbers have flag bits associated with them
which are parts of a packet that determine what to do with the
packet. The user may deny packets by denying certain flag bits
within the packets. The user may choose between all, urg
(urgent), ack (acknowledgement), psh (push), rst (reset), syn
(synchronize) and fin (finish).
udp − Specifies that the Switch will examine each frame's
•
Universal Datagram Protocol (UDP) field.
src_port_mask <hex 0x0-0xffff> − Specifies a UDP port
•
mask for the source port.
dst_port_mask <hex 0x0-0xffff> − Specifies a UDP port
•
mask for the destination port.
protocol_id − Specifies that the Switch will examine each
•
frame's Protocol ID field.
user_define <hex 0x0-0xfffffff> − Enter a hexidecimal value
•
that will identify the protocol to be discovered in the packet
header.
profile_id <value 1-8> - Specifies an index number between 1 and 8
that will identify the access profile being created with this command.
Only administrator-level users can issue this command.
224