Filter
Top Products
xStack
®
DES-3200 Series Layer 2 Managed Fast Ethernet Switch CLI Reference Guide
83
hh:mm:ss> weekdays <daylist> | delete]
show time_range
show current_config access_profile
6-1 create access_profile
Description
This command is used to create access control list profiles.
When creating ACL, each profile can have 256 rules/access IDs. However, when creating ACL
type as Ethernet or IPv4 at the first time, 62 rules are reserved for the system. In this case, only
194 rules are available to configure. You can use the show access_prfile command to see the
available rules.
Support for field selections can have additional limitations that are project dependent.
For example, for some hardware, it may be invalid to specify a destination and source IPv6
address at the same time. The user will be prompted with these limitations.
The Switch supports the following profile types:
1. MAC DA, MAC SA, Ethernet Type, Outer VLAN Tag
2. Outer VLAN Tag, Source IPv4, Destination IPv4, DSCP, Protocol ID, TCP/UDP Source
Port, TCP/UDP Destination Port, ICMP type/code, IGMP type, TCP flags
3. Source IPv6 Address, Class, Flow Label, IPv6 Protocol (Next Header)
4. Destination IPv6 Address, Class, Flow Label, IPv6 Protocol (Next Header)
5. Class, Flow Label, IPv6 Protocol (Next Header), TCP/UDP source port, TCP/UDP
destination port, ICMP type/code, Outer VLAN Tag
6. Packet Content, Outer VLAN Tag
7. MAC SA, Ethernet Type, Source IPv4/ARP sender IP, Outer VLAN Tag
8. LLC Header/SNAP Header, Outer VLAN Tag
9. Source IPv6 Address, Class, IPv6 Protocol (Next Header), Outer VLAN Tag
10. Destination IPv6 Address, Class, IPv6 Protocol (Next Header), Outer VLAN Tag
Note: Profile Types 7 and 8 are not user configurable. Only system applications are allowed to create
this type of profiles.
Format
create access_profile profile_id <value 1-4> profile_name <name 32> [ethernet {vlan {<hex
0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac
<macmask000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip { vlan {<hex 0x0-0x0fff>} |
source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code } |
igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> |
flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask
<hex 0x0-0xffffffff>}]} | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-
0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31>
<hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>} | ipv6 {class |