D-Link DES-3828 Product Manual - Page 148

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual

144

19

A

CCESS

C

ONTROL

L

IST

(ACL)

C

OMMANDS

The xStack DES-3800 switch series implements Access Control Lists that enable the Switch to deny or permit network access to

specific devices or device groups based on IP settings, MAC address, and packet content.

Command

Parameters

create access_profile

[ethernet {vlan | source_mac <macmask> | destination_mac <macmask> |

802.1p | ethernet_type} | ip {vlan | source_ip_mask <netmask> |

destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp

{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask

[all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |

dst_port_mask <hex 0x0-xffff>} | protocol_id {user _mask <hex 0x0-0xffffffff> }]}

| packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex

0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-

63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff>}}] ipv6 { class | flowlabel | source_ipv6_mask

<ipv6mask> | destination_ipv6_mask <ipv6mask> } [profile_id <value 1-255>]

delete access_profile profile_id

[profile_id <value 1-255> | all]

config access_profile profile_id

<value 1-255> [add access_id [auto_assign | <value 1-65535>] [ethernet {vlan

<vlan_name 32> | source_mac <macaddr> | destination_mac <macaddr> |

802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff> } | ip {vlan <vlan_name

32> | source_ip <ipaddr> |

destination_ip <ipaddr> | dscp <value 0-63> |

[icmp

{type <value 0-255> code <value 0-255>} | igmp {type <value 0-255>} |

tcp {src_port <value 0-65535> | dst_port <value 0-65535> | flag_mask [all | {urg

| ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value 0-

65535>} | protocol_id <value 0 - 255> {user_define <hex 0x0-0xffffffff> <hex

0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}]} |

packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex

0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff><hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-xffffffff>

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex

0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |

offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex

0x0-0xffffffff>}]

port <portlist> [permit {priority <value 0-7> {replace_priority} |

replace_dscp_with <value 0-63>} | deny | mirror] | delete access_id <value 1-

65535>] ipv6 { class <value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6

<ipv6addr> destination_ipv6 <ipv6addr> }

show access_profile

profile_id <value 1-255>

show current_config access_profile

config flow_meter profile_id

<value 1-255> access_id <value 1-65535> rate <value 0-999936> rate_exceed

[drop | set_drop_precedence ]

show flow_meter

meter { profile_id < value 1-255 > { access_id < access_id >}}

create cpu access_profile

[ethernet {vlan | source_mac <macmask> | destination_mac <macmask> |

ethernet_type} | ip {vlan | source_ip_mask <netmask> |

destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp

{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | flag_mask

[all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> |

dst_port_mask <hex 0x0-0xffff>} | protocol_id {user_mask <hex 0x0-0xffffffff>}]}

| packet_content_mask {offset 0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff>| offset 16-31 <hex 0x0-0xffffffff> <hex

Section	Page
INTRODUCTION	5
Using the Console CLI	7
Command Syntax	11
Basic Switch Commands	13
Switch Port Commands	31
SNMP V3	35
PoE Commands	49
Network Management Commands	54
Switch Utility Commands	62
Network Monitoring Commands	73
Layer 2 FDB Commands	86
Packet Storm Control Commands	94
QoS Commands	98
Mirror Configuration Commands	106
VLAN Commands	109
Link Aggregation Commands	123
IGMP Snooping Commands	127
802.1X Commands (Including Guest VLANs)	135
Access Control List (ACL) Commands	148
Traffic Segmentation Commands	168
Command List History	170
Basic IP Commands (For Layer 3)	173
ARP Commands	178
Routing Table Commands	182
Route Redistribution Commands	185
RIP Commands	191
IGMP Commands	195
Auto Config Commands V3	199
DNS Relay Commands	201
DVMRP Commands	205
IP Multicasting Commands	210
MD5 Commands	213
OSPF Configuration Commands	215
Time and SNTP Commands	232
Port Security Commands	238
MAC Notification Commands	242
SSH Commands	246
Jumbo Frame Commands	254
Access Authentication Control Commands	256
D-Link Single IP Management Commands	279
Multiple Spanning Tree Protocol (MSTP) Commands	289
SSL Commands	301
VRRP Commands	307
System Severity	316
DHCP Relay	318
IP-MAC Binding Commands	324
LACP Configuration Commands	338
CPU Interface Filtering (Software ACL) Commands	340
Modify Prompt and Banner Commands	348
Safeguard Engine	351
WRED Command List	353
Web-based Access Control (WAC) Commands	357
Double VLAN Command List	363
Limited Multicast IP Address Commands	368
Route Preference Commands	373
MAC-Based Access Control Commands	376
PIM Commands	385
Loopback Interface Commands	402
DHCP Server Command List	405
MLD Snooping Commands	421
Loopback Detection Commands	428
Password Recovery Commands	433
Multicast VLAN Commands	436
CPU Filtering Commands List	439
Broadcast Segmentation Commands	441
Technical Specifications	443

D-Link DES-3828 Product Manual - Page 148

Access Control List (ACL) Commands

Page 148 highlights