Table of Contents
Advertisement
The DGS-3312SR implements Access Control Lists that enable the switch to deny network access to specific devices or device
groups based on IP settings or MAC address. The ACL commands in the Command Line Interface (CLI) are listed (along with
the appropriate parameters) in the following table.
Command
create access_profile
delete access_profile
profile_id
config access_profile
profile_id
show access_profile
Access profiles allow you to establish criteria to determine whether or not the switch will forward packets based on the
information contained in each packet's header. These criteria can be specified on a VLAN-by-VLAN basis.
Creating an access profile is divided into two basic parts.
access_profile command. For example, if you want to deny all traffic to the subnet 10.42.73.0 to 10.42.73.255, you must first
create an access profile that instructs the switch to examine all of the relevant fields of each frame:
DGS-3312SR Layer 3 Gigabit Switch
A
C
CCESS
ONTROL
Parameters
[ethernet {vlan | source_mac <macmask> | destination_mac
<macmask> | 802.1p | ethernet_type} | ip {vlan | source_ip_mask
<netmask> | destination_ip_mask <netmask> | dscp | [icmp {type |
code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh |
rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id {user_mask <hex
0x0-0xffffffff>}]} | packet_content_mask {offset_0-15 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | offset_16-31 <hex0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff>}] {port [<portlist> | all]} [profile_id <value 1-255>]
<value 1-255>
<value 1-255> [add access_id <value 1-255> [ethernet {vlan
<vlan_name 32> | source_mac <macaddr> | destination_mac
<macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>
[permit {priority <value 0-7> {replace_priority}} | deny ] | ip {vlan
<vlan_name 32> | source_ip <ipaddr> | destination_ip <ipaddr> |
dscp <value 0-63> | [icmp {type <value 0-255> code <value 0-
255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535>
| dst_port <value 0-65535> | flag_mask [all | {urg | ack | psh | rst |
syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value 0-
65535>} | protocol_id <value 0 - 255> {user_define <hex 0x0-
0xffffffff>}]} [permit {priority <value 0-7> {replace_priority }} | deny ]
| packet_content {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex
0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-
0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}] [permit {priority <value 0-
7> {replace_priority} | deny] | delete access_id <value 1-255>]
{profile_id <value 1-255>}
186
L
(ACL) C
IST
First, an access profile must be created using the create
25
OMMANDS
Advertisement
Table of Contents
