D-Link DES-3828 Product Manual - Page 157

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual config access_profile profile_id (IP) Restrictions • dst_port − Specifies that the access profile will apply only to packets that have this UDP destination port in their header. • protocol_id − Specifies that the Switch will examine the Protocol field in each packet and if this field contains the value entered here, apply the appropriate rules. • user_define − Enter a hexidecimal value that will identify the protocol to be discovered in the packet header. port - The access profile for IP may be defined for each port on the Switch. Up to 65535 rules may be configured for each port. permit - Specifies that packets that match the access profile are permitted to be forwarded by the Switch. • priority − This parameter is specified to re-write the 802.1p default priority previously set in the Switch, which is used to determine to which CoS queue packets are forwarded. Once this field is specified, packets accepted by the Switch that match this priority are forwarded to the CoS queue specified previously by the user. • {replace_priority} − Enter this parameter to re-write the 802.1p default priority of a packet to the value entered in the Priority field, which meets the criteria specified previously in this command, before forwarding it on to the specified CoS queue. Otherwise, a packet will have its incoming 802.1p user priority rewritten to its original value before being forwarded by the Switch. replace_dscp − Allows you to specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the Switch and will be filtered. mirror - Selecting mirror specifies that packets that match the access profile are mirrored to a port defined in the config mirror port command. Port Mirroring must be enabled and a target port must be set. Remember, Port Mirroring cannot crossbox, that is they cannot span across switches in a switch stack. delete access_id − Use this command to delete a specific rule from the IP profile. Up to 65535 rules may be specified for the IP access profile. Only Administrator or Operator-level users can issue this command. Example usage: To configure a rule for the IP access profile: DES-3800:admin#config access_profile profile_id 2 add access_id 2 ip protocol_id 2 port 1 deny Command: config access_profile profile_id 2 add access_id 2 ip protocol_id 2 port 1 deny Success. DES-3800:admin# create access_profile (packet content mask) Purpose Syntax Used to create an access profile on the Switch by examining the Ethernet part of the packet header. Packet content masks entered will specify certain bytes of the packet header to be identified by the Switch. When the Switch recognizes a packet with the identical byte as the one configured, it will either forward, filter or mirror the packet, based on the users command. Specific values for the rules are entered using the config access_profile command, below. create access_profile packet_content_mask {offset_0-15 153