D-Link xStack DES-3800 Series Cli Manual page 168

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
port 7 deny – a single access rule was created. This rule will subtract one rule available for the port group
1 – 8, as well as one rule from the total available rules.In order to address this functional limitation of the
chip set, an additional function, CPU Interface Filtering, has been added. CPU Filtering may be
universally enabled or disabled. Setting up CPU Interface Filtering follows the same syntax as ACL
configuration and requires some of the same input parameters. To configure CPU Interface Filtering, see
the descriptions below for create cpu access_profile and config cpu access_profile. To enable CPU
Interface Filtering, see config cpu_interface_filtering. The DES-3828 has three ways of creating access
profile entries on the Switch which include Ethernet (MAC Address), IP, and Packet Content. Due to
the present complexity of the access profile commands, it has been decided to split this command into
three pieces to be better understood by the user and therefore simpler for the user to configure. The
beginning of this section displays the create access_profile and config access_profile commands in their
entirety. The following table divides these commands up into the defining features necessary to properly
configure the access profile. Remember these are not the total commands but the easiest way to
implement Access Control Lists for the Switch.
Command
create access_profile
config access_profile
profile_id
create access_profile
config access_profile
profile_id
create access_profile
config access_profile
profile_id
Parameters
[ethernet {vlan | source_mac <macmask> | destination_mac
<macmask> | 802.1p | ethernet_type} profile_id <value 1-8>}
<value 1-8> [add access_id <value 1-100> [ethernet {vlan
<vlan_name 32> | source_mac <macaddr> | destination_mac
<macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>}
port <port> [permit {priority <value 0-7> {replace_priority} | deny]
delete <value 1-100>]
ip {vlan | source_ip_mask <netmask> | destination_ip_mask
<netmask> | dscp | [icmp {type | code} | igmp {type} | tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>
| flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-xffff>}
| protocol_id {user _mask <hex 0x0-0xffffffff> }]} profile_id <value
1-8>}
<value 1-255> [add access_id <value 1-100> ip {vlan <vlan_name
32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value
0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp
{type <value 0-255>} | tcp {src_port <value 0-65535> | dst_port
<value 0-65535> | urg | ack | psh | rst | syn | fin} | udp {src_port
<value 0-65535> | dst_port <value 0-65535>} | protocol_id <value
0 - 255> {user_define <hex 0x0-0xffffffff> }]} port <port> [permit
{priority <value 0-7> {replace_priority} | replace_dscp <value 0-
63>} | deny] delete <value 1-100>]
packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} profile_id <value 1-8>}
<value 1-255> [add access_id <value 1-100> packet_content
{offset_0-15 <hex0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff><hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> | offset 48-63 <hex 0x0-0xffffffff>
163