DGS-3100 Series Gigabit Stackable Managed Switch CLI Manual
The Access Control List commands in the Command Line Interface (CLI) are listed (along with the
appropriate parameters) in the following table.
Command
create access_profile
(for Ethernet)
create access_profile
(for IP)
config access_profile
(for Ethernet)
config access_profile
config access_profile
delete access_profile
show access_profile
config time–range
show time–range
Each command is listed in detail, as follows:
create access_profile (for Ethernet)
Purpose
Syntax
201
ACCESS CONTROL LIST COMMANDS
Parameter
profile_id <value 1-15> [ethernet {vlan | source_mac <macmask 000000000000-
ffffffffffff> |destination_mac <macmask 000000000000-ffffffffffff> | 802.1p |
ethernet_type}]
profile_id <value 1–15> ip [ icmp { type | code } | igmp { type } | tcp
{ src_port_mask < hex 0x0–0xffff > | dst_port_msk <hex 0x0–0xffff> |
flag_mask }}{+ | –} {urg | ack | psh | rst | syn | fin }} | udp { src_port_mask < hex
0x0–0xffff > | dst_port_msk <hex 0x0–0xffff> } ] { source_ip_mask <netmask> |
destination_ip_mask <netmask> | dscp }
profile_id <value 1-15> [add access_id [auto assign | <value 1-240>] [Ethernet
{vlan <vlan_name 32> | source_mac <macaddr 000000000000-ffffffffffff> |
destination_mac <macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> |
ethernet_type <hex 0x0-0xffff>} ports <portlist> [permit {replace_priority <value
0-7> | replace_dscp <value 0-63> | rate_limit <value 64-1000000>} | deny]
{time_range <range_name 32>}
profile_id <value 1-15> [add access_id [auto assign | <value 1-240>] [ip
{source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type
<value 0-255> code <value 0-255>} | igmp {type <value 0–255>} | tcp {src_port
<value 0-65535> | dst_port <value 0-65535> | flag flag {+ | –} {urg | ack | psh |
rst | syn | fin }} | udp {src_port <value 0-65535> | dst_port <value 0–65535>}]}
ports <portlist> [permit {replace_priority <value 0-7> | replace_dscp <value 0–
63> | rate_limit <value 64-1000000>} | deny] {time_range <range_name 32>}
profile_id <value 1-15> delete access_id <value 1-240>
profile_id <value 1-15>
{profile_id <value 1-15>}
<range_name 32> [hours start_time <time hh:mm> end_time <time hh:mm>
weekdays <daylist> | delete]
To create an access profile on the Switch by examining the Ethernet
part of the packet header. Masks entered are combined with the
values the Switch finds in the specified frame header fields. Specific
values for the rules are entered using the config access_profile
command, below.
create access_profile profile_id <value 1-15> [ethernet {vlan |
source_mac <macmask 00:00:00:00:00:00-ff:ff:ff:ff:ff:ff >
|destination_mac <macmask 00:00:00:00:00:00-ff;ff:ff:ff:ff:ff > |
34