Table of Contents
Advertisement
The DES-3500 implements Access Control Lists that enable the Switch to deny network access to specific devices or device
groups based on IP settings and MAC address.
The access profile commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Note: The ACL command set has been changed for the Release III firmware. In particular, note the
different role of the profile_id and access_id parameters. The new treatment has changed some of
the command parameters as well.
Command
create access_profile
delete access_profile
config access_profile
show access_profile
enable
cpu_interface_filtering
disable
cpu_interface_filtering
create cpu
access_profile
profile_id
DES-3500 Layer 2 Fast Ethernet Switch CLI Reference Manual
A
CCESS
Parameters
[ethernet {vlan | source_mac <macmask> | destination_mac <macmask> | 802.1p |
ethernet_type} ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> |
dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex
0x0 - 0xFF> {user_define_mask <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}]} | packet_content_mask {offset_0-15
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}]
[profile_id <value 1-255>]
[profile_id <value 1-255> | all]
profile_id <value 1-255> [add access_id <value 1-65535> [ethernet {vlan <vlan_name 32> |
source_mac <macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type
<hex 0x0-0xffff>} | ip {vlan <vlan_name 32> | source_ip <ipaddr> | destination_ip <ipaddr> |
dscp <value 0-63> | [icmp {type <value 0-255> code <value 0-255>} | igmp {type <value 0-
255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | flag_mask [all | {urg |
ack | psh | rst | syn | fin} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} |
protocol_id <value 0 - 255> {user_define <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}]} | packet_content_mask {offset_0-15 <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex
0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}]
port <portlist> [permit {priority <value 0-7> {replace_priority} | replace_dscp_with <value 0-
63>} | deny] | delete access_id <value 1-65535>]
{profile_id <value 1-255> {access_id <value 1-65535>}}
<value 1-5> [ethernet {vlan | source_mac <macmask> | destination_mac <macmask> |
802.1p | ethernet_type} | ip {vlan | source_ip_mask <netmask> |
destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg |
ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
0xffff>} | protocol_id_mask {<hex 0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]} |
packet content mask {offset 0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
C
L
ONTROL
IST
164
25
(ACL) C
OMMANDS
Advertisement
Table of Contents
