Create Access_Profile - D-Link DES-1210-28/ME Reference Manual

DES-1210-28/ME Metro Ethernet Managed Switch CLI Reference Guide

create access_profile

Purpose
Syntax
Description
Parameters
To create an access profile on the Switch by examining the Ethernet
part of the packet header. Masks entered are combined with the
values the Switch finds in the specified frame header fields. Specific
values for the rules are entered using the config access_profile
command, below.
create access_profile [ ethernet {vlan | source_mac <macmask>
| destination_mac <macmask> | 802.1p | ethernet_type} | ip
{source_ip_mask <netmask> | destination_ip_mask <netmask>
| dscp | [ icmp {type | code} | igmp {type} | tcp {src_port_mask
<hex (0x0-0xffff)> | dst_port_mask <hex (0x0-0xffff)> |
flag_mask} | udp {src_port_mask <hex (0x0-0xffff)> |
dst_port_mask <hex (0x0-0xffff)>} | protocol_id_mask <hex
(0x0-0xff)> ] } | packet_content_mask {[offset1 l offset2 | offset3
| offset4] [I2 | I3 | I4] <value (0-31)> <hex 0x0-0xffff> profile_id
<value (1-50)>
The create access_profile command creates a profile for packets
that may be accepted or denied by the Switch by examining the
Ethernet part of the packet header. Specific values for rules
pertaining to the Ethernet part of the packet header may be defined
by configuring the config access_profile command for Ethernet, as
stated below.
ethernet - Specifies that the Switch examines the layer 2 part of
each packet header with emphasis on one or more of the following:
vlan – Specifies that the Switch examine the VLAN part of
•
each packet header.
source_mac <macmask> – Specifies a MAC address mask
•
for the source MAC address. This mask is entered in the
following hexadecimal format: 000000000000-
FFFFFFFFFFFF.
destination_mac <macmask> – Specifies a MAC address
•
mask for the destination MAC address in the following
format: 000000000000-FFFFFFFFFFFF.
802.1p – Specifies that the Switch examine the 802.1p
•
priority value in the frame's header.
ethernet_type – Specifies that the Switch examine the Ethernet type
value in each frame's header.
ip - Specifies that the Switch examines the IP fields in each packet
with special emphasis on one or more of the following:
icmp – Specifies that the Switch examines the Protocol field in
each frame's IP header , and that the value must be 1 (Internet
Control Message Protocol- ICMP) for the action to take place.
type – Specifies that the Switch examines each frame's
•
ICMP Type field.
code – Specifies that the Switch examines each frame's
•
ICMP Code field.
igmp – Specifies that the Switch examine each frame's protocol
field and it must be 2 (Internet Group Management Protocol-
IGMP) for the action to take place.
type – Specifies that the Switch examine each frame's
•
IGMP Type field.
tcp – Specifies that the Switch examines each frames protocol
field and its value must be 6 (Transmission Control Protocol-
286