D-Link xStack DES-3528 Series Cli Reference Manual page 269

xStack® DES-3528/DES-3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide
config access_profile
ip − Specifies that the Switch will look into the IP fields in each packet.
vlan <vlan_name 32> − Specifies that the access profile will only apply to this VLAN.
vlan_id <value 1-4094> - Specifies that the access prfile will only apply to this VLAN ID.
source_ip <ipaddr> − Specifies that the access profile will apply to only packets with this
source IP address.
destination_ip <ipaddr> − Specifies that the access profile will apply to only packets with this
destination IP address.
dscp <value 0-63> − Specifies that the access profile will apply only to packets that have this
value in their Type-of-Service (DiffServ code point, DSCP) field in their IP packet header
icmp − Specifies that the Switch will examine the Internet Control Message Protocol (ICMP)
field within each packet.
igmp − Specifies that the Switch will examine the Internet Group Management Protocol
(IGMP) field within each packet.
tcp − Specifies that the Switch will examine the Transmission Control Protocol (TCP) field
within each packet.
udp − Specifies that the Switch will examine the User Datagram Protocol (UDP) field in each
packet.
protocol_id <value 0-255> − Specifies that the Switch will examine the protocol field in each
packet and if this field contains the value entered here, apply the following rules.
user_define <hex 0x0-0xfffffff> − Specifies a mask to be combined with the value found in the
frame header and if this field contains the value entered here, apply the following rules.
packet_content - Allows users to examine any up to four specified offset_chunk within a
packet at one time and specifies that the Switch will check packet header beginning with the
offset value specified as follows:
packet_content { offset_chunk_1 <hex 0x0-0xffffffff> | offset_chunk_2 <hex 0x0-
0xffffffff> | offset_chunk_3 <hex 0x0-0xffffffff> | offset_chunk_4 <hex 0x0-0xffffffff>
IPv6 - Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering
based on the rules configured in the config access_profile command for IPv6.
type <value 0-255> − Specifies that the access profile will apply to this ICMP type
value.
code <value 0-255> − Specifies that the access profile will apply to this ICMP code
value.
type <value 0-255> − Specifies that the access profile will apply to packets that
have this IGMP type value.
• src_port <value 0-65535> − Specifies that the access profile will apply only to
packets that have this TCP source port in their TCP header.
• dst_port <value 0-65535> − Specifies that the access profile will apply only to
packets that have this TCP destination port in their TCP header.
urg: TCP control flag (urgent)
ack: TCP control flag (acknowledgement)
psh: TCP control flag (push)
rst: TCP control flag (reset)
syn: TCP control flag (synchronize)
fin: TCP control flag (finish)
• src_port <value 0-65535> − Specifies that the access profile will apply only to
packets that have this UDP source port in their header.
• dst_port <value 0-65535> − Specifies that the access profile will apply only to
packets that have this UDP destination port in their header.
•
With this advanced unique Packet Content Mask (also known as Packet Content
Access Control List - ACL), D-Link xStack Switch family can effectively mitigate
some network attacks like the common ARP Spoofing attack that is wide spread
today. This is the reason that Packet Content ACL is able to inspect any specified
content of a packet in different protocol layers.
•
class – Entering this parameter will instruct the Switch to examine the class field of
the IPv6 header. This class field is a part of the packet header that is similar to the
Type of Service (ToS) or Precedence bits field in IPv4.
•
flowlabel – Entering this parameter will instruct the Switch to examine the
flow label field of the IPv6 header. This flow label field is used by a source to
269