D-Link DES-3828 Product Manual - Page 159

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual config access_profile profile_id (packet content mask) | offset_16-31 | offset_32-47 | offset_48-63 | offset_64-79 } port [permit {priority {replace_priority} | replace_dscp } | deny | mirror] delete access_id ] Description This command is used to set the rule for a previously configured access profile setting based on packet content mask. These rules will determine if the Switch will forward, filter or mirror the identified packets, based on user configuration specified in this command. Users will set bytes to identify by entering them in hex form, offset from the first byte of the packet. Parameters profile_id - Enter an integer between 1 and 255 that is used to identify the access profile that will be configured with this command. This value is assigned to the access profile when it is created with the create access_profile command. The lower the profile ID, the higher the priority the rule will be given. add access_id - Adds an additional rule to the above specified access profile. • auto_assign - Adding this parameter will automatically assign an access_id to identify the rule. • - The value specifies the relative priority of the additional rule. Up to 65535 different rules may be configured for the Ethernet access profile. packet_content - Allows users to examine any specified content up to 80 bytes within a packet at one time and specifies that the Switch will mask the packet header beginning with the offset value specified as follows: • offset_0-15 - Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte. • offset_16-31 - Enter a value in hex form to mask the packet from byte 16 to byte 31. • offset_32-47 - Enter a value in hex form to mask the packet from byte 32 to byte 47. • offset_48-63 - Enter a value in hex form to mask the packet from byte 48 to byte 63. • offset_64-79 - Enter a value in hex form to mask the packet from byte 64 to byte 79. With this advanced unique Packet Content Mask (also known as Packet Content Access Control List - ACL), D-Link xStack switch family can effectively mitigate some network attacks like the common ARP Spoofing attack widely spreading today. This is for the reason that Packet Content ACL is able to inspect any specified content of a packet in different protocol layers. port - The access profile for the packet content mask may be defined for each port on the Switch. Up to 65535 rules may be configured for each port. permit - Specifies that packets that match the access profile are permitted to be forwarded by the Switch. • priority − This parameter is specified if you want to re-write the 802.1p default priority previously set in the Switch, which is used to determine the CoS queue to which packets are forwarded to. Once this field is specified, packets accepted by the Switch that match this priority are forwarded to the CoS queue specified previously by the user. • {replace_priority} − Enter this parameter if you want to re-write the 802.1p default priority of a packet to the value entered in the Priority field, which meets the criteria specified previously in this command, before forwarding it on to the specified CoS queue. Otherwise, a packet will have its incoming 802.1p user priority re-written to its original value before being forwarded by the Switch. replace_dscp − Allows you to specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part 155