xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
77
config access_profile
Syntax
config access_profile profile_id <value 1-14> [add access_id [auto_assign | <value 1-
128>] [ethernet {vlan <vlan_name 32> | source_mac <macaddr 000000000000-
ffffffffffff> | destination_mac <macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> |
ethernet_type <hex 0x0-0xffff>} port [<portlist> | all] [permit {priority <value 0-7>
{replace_priority} | rx_rate [no_limit | <value 1-156249>] | replace_dscp <value 0-63> |
counter [enable | disable]} | mirror {group_id <value 1-4>} | deny] | ip {vlan <vlan_name
32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type
<value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value
0-65535> | dst_port <value 0-65535> | urg | ack | psh | rst | syn | fin} | udp {src_port
<value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0 - 255> {user_define
<hex 0x0-0xffffffff>}]} port [<portlist> | all] [permit {priority <value 0-7>
{replace_priority} | rx_rate [ no_limit | <value 1-156249>] | replace_dscp <value 0-63> |
counter [enable | disable]} | mirror {group_id <value 1-4>} | deny] | packet_content
{offset_chunk_1 <hex 0x0-0xffffffff> | offset_chunk_2 <hex 0x0-0xffffffff> |
offset_chunk_3 <hex 0x0-0xffffffff> | offset_chunk_4 <hex 0x0-0xffffffff>} port
[<portlist> | all] [permit {priority <value 0-7> {replace_priority} | rx_rate [no_limit |
<value 1-156249>] | replace_dscp <value 0-63> | counter [enable | disable]} | mirror
{group_id <value 1-4>} | deny] | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> |
source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr> | [ tcp {src_port <value 0-
65535> | dst_port <value 0-65535>} | udp {src_port <value 0-65535> | dst_port <value 0-
65535>}]} port [<portlist> | all] [permit {priority <value 0-7> {replace_priority} | rx_rate
[no_limit | <value 1-156249>] | counter [enable | disable]} | mirror {group_id <value 1-
4>} | deny]]{time_range <range_name 32>} | delete access_id <value 1-128>]
Description The config access_profile command configures access list entry.
ACL mirror function will be worked after mirror enabled and mirror port has been configured
by mirror command.
When apply a access rule to a target, if the target is VLAN, then the setting for value the
VLAN field will not take effect.
Parameters
profile_id - Specifies the index of access list profile. The range is depend on project.
access_id - Specifies the index of access list entry. The range of this value is 1-65535, but
the supported max entry number is depend on project.
auto_assign - while add to multiple ports , the access id will be auto assigned.
vlan - Specifies a vlan name
source_mac - Specifies the source mac
destination_mac - Specifies the destination mac
802.1p - Specifies the value of 802.1p priority tag, the vaule can be configured
between 1 to 7
ethernet_type - Specifies the Ethernet type
vlan - Specifies a vlan name
source_ip - Specifies an IP source address
destination_ip - Specifies an IP destination address
dscp - Specifies the value of dscp, the value can be configured 0 to 63
icmp – See below:
type - Specifies that the rule applies to the value of icmp type traffic
code - Specifies that the rule applies to the value of icmp code traffic
igmp – See below:
type - Specifies that the rule applies to the value of igmp type traffic
tcp – See below:
src_port - Specifies that the rule applies the range of tcp source port
dst_port - Specifies the range of tcp destination port range
flag - Specifies the TCP flag fields .
udp – See below:
src_port - Specifies the range of tcp source port range
