D-Link xStack DES-6500 Cli Manual page 232

xStack DES-6500 Modular Layer 3 Chassis Ethernet Switch CLI Manual
config access_profile profile_id (for Ethernet)
Restrictions
Example usage:
To configure a rule for the Ethernet access profile:
D E S - 6 5 0 0 : 4 # c o n f i g a c c e s s p r o f i l e p r o f i l e _ i d 1 a d d
a c c e s s _ i d 1 e t h e r n e t v l a n T r i n i t y 8 0 2 . 1 p 1 p o r t 1 : 1
p e r m i t p r i o r i t y 1 r e p l a c e p r i o r i t y
C o m m a n d : c o n f i g a c c e s s p r o f i l e p r o f i l e _ i d 1 a d d
a c c e s s _ i d 1 e t h e r n e t v l a n T r i n i t y 8 0 2 . 1 p 1 p o r t 1 : 1
p e r m i t p r i o r i t y 1 r e p l a c e p r i o r i t y
S u c c e s s .
D E S - 6 5 0 0 : 4 #
create access_profile (IP)
Purpose
Syntax
Description
Parameters
the criteria specified previously in this command, before forwarding it on to
the specified CoS queue. Otherwise, a packet will have its incoming
802.1p user priority re-written to its original value before being forwarded
by the Switch.
replace_dscp <value 0-63>  Allows specification of a value to be written to the
DSCP field of an incoming packet that meets the criteria specified in the first part
of the command. This value will over-write the value in the DSCP field of the
packet.
deny – Specifies that packets that match the access profile are not permitted to
be forwarded by the Switch and will be filtered.
delete access_id <value 1-65535>  Use this command to delete a specific rule
from the Ethernet profile. Up to 65535 rules may be specified for the Ethernet
access profile.
Only Administrator-level users can issue this command.
Used to create an access profile on the Switch by examining the IP part of the
packet header. Masks entered can be combined with the values the Switch
finds in the specified frame header fields. Specific values for the rules are
entered using the config access_profile command, below.
create access_profile profile_id <value 1-8> ip {vlan | source_ip_mask
<netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} |
igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex
0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-xffff>} |
protocol_id {user _mask <hex 0x0-0xffffffff>}]}
This command will allow the user to create a profile for packets that may be
accepted or denied by the Switch by examining the IP part of the packet
header. Specific values for rules pertaining to the IP part of the packet header
may be defined by configuring the config access_profile command for IP, as
stated below.
profile_id <value 1-8> - Specifies an index number between 1 and 8 that will
identify the access profile being created with this command.
ip - Specifies that the Switch will look into the IP fields in each packet with
228