D-Link DES-3828 Product Manual - Page 158

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual create access_profile (packet content mask) | offset_16-31 | offset_32-47 | offset_48-63 | offset_64-79 } profile_id } Description This command is used to identify packets by examining the Ethernet packet header, by byte and then decide whether to filter or forward it, based on the user's configuration. The user will specify which bytes to examine by entering them into the command, in hex form, and then selecting whether to forward, filter or mirror them, using the config access_profile command. Parameters packet_content_mask - Allows users to examine any specified content up to 80 bytes within a packet at one time and specifies that the Switch will mask the packet header beginning with the offset value specified as follows: • offset_0-15 - Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte. • offset_16-31 - Enter a value in hex form to mask the packet from byte 16 to byte 31. • offset_32-47 - Enter a value in hex form to mask the packet from byte 32 to byte 47. • offset_48-63 - Enter a value in hex form to mask the packet from byte 48 to byte 63. • offset_64-79 - Enter a value in hex form to mask the packet from byte 64 to byte 79. With this advanced unique Packet Content Mask (also known as Packet Content Access Control List - ACL), D-Link xStack switch family can effectively mitigate some network attacks like the common ARP Spoofing attack widely spreading today. This is for the reason that Packet Content ACL is able to inspect any specified content of a packet in different protocol layers. profile_id - Specifies an index number between 1 and 255 that will identify the access profile being created with this command. Restrictions Only Administrator or Operator-level users can issue this command. Example usage: To create an Access profile by packet content mask: DES-3800:admin#create access_profile packet_content_mask offset_0-15 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF offset_16-31 0xFFFF 0xFFFF0000 0xF 0xF000000 profile_id 3 Command: create access_profile packet_content_mask offset_0-15 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF offset_16-31 0xFFFF 0xFFFF0000 0xF 0xF000000 profile_id 3 Success. DES-3800:admin# config access_profile profile_id (packet content mask) Purpose Syntax To configure the rule for a previously created access profile command based on the packet content mask. Packet content masks entered will specify certain bytes of the packet header to be identified by the Switch. When the Switch recognizes a packet with the identical byte as the one configured, it will either forward, filter or mirror the packet, based on the users command entered here. config access_profile profile_id [add access_id packet_content_mask {offset_0-15 154