D-Link DES-3828 Product Manual - Page 149

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual

145

Command

Parameters

0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | {offset 32-47 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | {offset 48-

63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> | {offset 64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff>}] [profile_id <value 1-5>]

delete cpu access_profile

profile_id <value 1-5>

config cpu access_profile profile_id

<value 1-5> [add access_id <value 1-65535> [ethernet {vlan

<vlan_name 32>

| source_mac <macaddr> | destination_mac <macaddr> | ethernet_type <hex

0x0-0xffff>} [permit | deny] | ip {vlan <vlan_name 32> | source_ip <ipaddr> |

destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> code

<value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535> |

dst_port <value 0-65535> | {urg | ack | psh | rst | syn | fin}]} | udp {src_port

<value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0 - 255>

{user_define <hex 0x0-0xffffffff>}]} [permit | deny] | packet_content {offset_0-15

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>|

offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex

0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} [permit |

deny] | delete access_id <value 1-65535>]

enable cpu interface_filtering

disable cpu_interface_filtering

show cpu_interface_filtering

show cpu access_profile

{profile_id <value 1-5> {access_id <value 1-65535>}}

Access profiles allow you to establish criteria to determine whether or not the Switch will forward packets based on the information

contained in each packet’s header. These criteria can be specified on a VLAN-by-VLAN basis.

Creating an access profile is divided into two basic parts. First, an access profile must be created using the

create access_profile

command. For example, if you want to deny all traffic to the subnet 10.42.73.0 to 10.42.73.255, you must first

create

an access

profile that instructs the Switch to examine all of the relevant fields of each frame:

create access_profile ip source_ip_mask 255.255.255.0 profile_id 1

Here we have created an access profile that will examine the IP field of each frame received by the Switch. Each source IP address

the Switch finds will be combined with the

source_ip_mask

with a logical AND operation. The

profile_id

parameter is used to give

the access profile an identifying number

−

in this case,

1

. The

deny

parameter instructs the Switch to filter any frames that meet the

criteria

−

in this case, when a logical AND operation between an IP address specified in the next step and the

ip_source_mask

match.

The default for an access profile on the Switch is to

permit

traffic flow. If you want to restrict traffic, you must use the

deny

parameter.

Section	Page
INTRODUCTION	5
Using the Console CLI	7
Command Syntax	11
Basic Switch Commands	13
Switch Port Commands	31
SNMP V3	35
PoE Commands	49
Network Management Commands	54
Switch Utility Commands	62
Network Monitoring Commands	73
Layer 2 FDB Commands	86
Packet Storm Control Commands	94
QoS Commands	98
Mirror Configuration Commands	106
VLAN Commands	109
Link Aggregation Commands	123
IGMP Snooping Commands	127
802.1X Commands (Including Guest VLANs)	135
Access Control List (ACL) Commands	148
Traffic Segmentation Commands	168
Command List History	170
Basic IP Commands (For Layer 3)	173
ARP Commands	178
Routing Table Commands	182
Route Redistribution Commands	185
RIP Commands	191
IGMP Commands	195
Auto Config Commands V3	199
DNS Relay Commands	201
DVMRP Commands	205
IP Multicasting Commands	210
MD5 Commands	213
OSPF Configuration Commands	215
Time and SNTP Commands	232
Port Security Commands	238
MAC Notification Commands	242
SSH Commands	246
Jumbo Frame Commands	254
Access Authentication Control Commands	256
D-Link Single IP Management Commands	279
Multiple Spanning Tree Protocol (MSTP) Commands	289
SSL Commands	301
VRRP Commands	307
System Severity	316
DHCP Relay	318
IP-MAC Binding Commands	324
LACP Configuration Commands	338
CPU Interface Filtering (Software ACL) Commands	340
Modify Prompt and Banner Commands	348
Safeguard Engine	351
WRED Command List	353
Web-based Access Control (WAC) Commands	357
Double VLAN Command List	363
Limited Multicast IP Address Commands	368
Route Preference Commands	373
MAC-Based Access Control Commands	376
PIM Commands	385
Loopback Interface Commands	402
DHCP Server Command List	405
MLD Snooping Commands	421
Loopback Detection Commands	428
Password Recovery Commands	433
Multicast VLAN Commands	436
CPU Filtering Commands List	439
Broadcast Segmentation Commands	441
Technical Specifications	443

D-Link DES-3828 Product Manual - Page 149

create access_profile, create, create access_profile ip source_ip_mask 255.255.255.0 profile_id 1

Page 149 highlights