Access Control List (Acl) Commands - D-Link DGS-3212SR Command Line Interface Reference Manual

The DGS-3212SR implements Access Control Lists that enable the switch to deny network access to specific devices or device
groups based on IP settings or MAC address. The ACL commands in the Command Line Interface (CLI) are listed (along with
the appropriate parameters) in the following table.
Command
create access_profile
delete access_profile
profile_id
config access_profile
profile_id
show access_profile
Access profiles allow you to establish criteria to determine whether or not the switch will forward packets based on the
information contained in each packet's header. These criteria can be specified on a VLAN-by-VLAN basis.
DGS-3212SR Layer 3 Gigabit Switch
A C
CCESS ONTROL
Parameters
[ ethernet{ vlan | source_mac <macmask> |
<macmask> | 802.1p | ethernet_type}| ip { vlan |
source_ip_mask <netmask> |
dscp | [ icmp {type | code } |
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>|
flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
0xffff>} | protocol_id {user_mask <hex 0x0-
0xffffffff>} ]}|packet_content_mask{offset_0-15 <hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> |
offset_16-31 <hex0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> | offset_48-63
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff> | offset_64-79 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff>}]{port[<portlist>|all]}[profile_id
<value 1-255>]
<value 1-255>
<value 1-255>[ add access_id <value 1-255>[ ethernet { vlan
<vlan_name 32> |
<macaddr> | 802.1p <value 0-7> |
0xffff> }[ permit { priority <value 0-7> { replace_priority}} | deny ]|
ip{ vlan <vlan_name 32> |
destination_ip <ipaddr> |
<value 0-255> code <value 0-255>} |
255>} | tcp {src_port <value 0-65535> | dst_port <value 0-
65535> | flag_mask [all | {urg | ack | psh | rst| syn | fin}]} |
{src_port <value 0-65535> | dst_port <value 0-65535>}|
protocol_id <value 0 - 255> {user_define <hex 0x0-
0xffffffff>}]}[ permit{priority <value 0-7> { replace_priority} |
replace_dscp <value 0-63> } | deny ]|packet_content{offset_0-15
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff> | offset_16-31 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> |
offset_48-63 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff> |offset_64-79 <hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff>}[ permit{ priority <value 0-7> } | deny ] ]| delete
access_id <value 1-255> ]
{profile_id <value 1-255>}
207
L (ACL) C
IST
destination_ip_mask <netmask> |
igmp {type } | tcp
source_mac <macaddr> |
ethernet_type <hex 0x0-
source_ip <ipaddr> |
dscp <value 0-63> |[
igmp {type <value 0-
25
OMMANDS
destination_mac
destination_mac
icmp {type
udp