D-Link 3312SR Reference Manual - Page 192
Access Control List (ACL) Commands, create, access_profile
 |
UPC - 790069263873
View all D-Link 3312SR manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 192 highlights
DGS-3312SR Layer 3 Gigabit Switch 25 ACCESS CONTROL LIST (ACL) COMMANDS The DGS-3312SR implements Access Control Lists that enable the switch to deny network access to specific devices or device groups based on IP settings or MAC address. The ACL commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command create access_profile delete access_profile profile_id config access_profile profile_id show access_profile Parameters [ethernet {vlan | source_mac | destination_mac | 802.1p | ethernet_type} | ip {vlan | source_ip_mask | destination_ip_mask | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask | dst_port_mask | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask | dst_port_mask } | protocol_id {user_mask }]} | packet_content_mask {offset_0-15 | offset_16-31 | offset_32-47 | offset_48-63 | offset_64-79 }] {port [ | all]} [profile_id ] [add access_id [ethernet {vlan | source_mac | destination_mac | 802.1p | ethernet_type [permit {priority {replace_priority}} | deny ] | ip {vlan | source_ip | destination_ip | dscp | [icmp {type code } | igmp {type } | tcp {src_port | dst_port | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port | dst_port } | protocol_id {user_define }]} [permit {priority {replace_priority }} | deny ] | packet_content {offset_0-15 | offset_16-31 | offset_32-47 | offset_48-63 | offset_64-79 }] [permit {priority {replace_priority} | deny] | delete access_id ] {profile_id } Access profiles allow you to establish criteria to determine whether or not the switch will forward packets based on the information contained in each packet's header. These criteria can be specified on a VLAN-by-VLAN basis. Creating an access profile is divided into two basic parts. First, an access profile must be created using the create access_profile command. For example, if you want to deny all traffic to the subnet 10.42.73.0 to 10.42.73.255, you must first create an access profile that instructs the switch to examine all of the relevant fields of each frame: 186
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187 -
188 -
189 -
190 -
191 -
192 -
193 -
194 -
195 -
196 -
197 -
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
 |
 |
