Cpu Access Profile List - D-Link xStack DGS-3420 Series Reference Manual

xStack® DGS-3420 Series Layer 2 Managed Stackable Gigabit Switch Web UI Reference Guide
Replace ToS Precedence
(0-7)
Time Range Name
Counter
Ports
VLAN Name
VLAN ID
Click the <<Back button to discard the changes made and return to the previous page.
Click the Apply button to accept the changes made.
After clicking the Show Details button in the Access Rule List, the following page will appear:
Click the Show All Rules button to navigate back to the Access Rule List.

CPU Access Profile List

Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This
added feature increases the running security of the Switch by enabling the user to create a list of access rules for
packets destined for the Switch's CPU interface. Employed similarly to the Access Profile feature previously
mentioned, CPU interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for
the CPU and will either forward them or filter them, based on the user's implementation. As an added feature for
the CPU Filtering, the Switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the
user to create various lists of rules without immediately enabling them.
NOTE: CPU Interface Filtering is used to control traffic access to the switch directly such as protocols
transition or management access. A CPU interface filtering rule won't impact normal L2/3 traffic
forwarding. However, an improper CPU interface filtering rule may cause the network to
become unstable.
To view CPU Access Profile List window, click ACL > CPU Access Profile List as shown below:
Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a
frame the Switch will examine, such as the MAC source address or the IP destination address. The second part is
entering the criteria the Switch will use to determine what to do with the frame. The entire process is described
below.
Specify that the IP precedence of the outgoing packet is changed with the new
value. If used without an action priority, the packet is sent to the default TC.
Tick the check box and enter the name of the Time Range settings that has been
previously configured in the Time Range Settings window. This will set specific
times when this access rule will be implemented on the Switch.
Here the user can select the counter. By checking the counter, the administrator
can see how many times that the rule was hit.
When a range of ports is to be configured, the Auto Assign check box MUST be
ticked in the Access ID field of this window. If not, the user will be presented with
an error message and the access rule will not be configured. Ticking the All Ports
check box will denote all ports on the Switch.
Specify the VLAN name to apply to the access rule.
Specify the VLAN ID to apply to the access rule.
Figure 7-22 Access Rule Detail Information (Packet Content ACL)
201