xStack DES-6500 Modular Layer 3 Chassis Ethernet Switch CLI Manual

25

ACCESS CONTROL LIST (ACL) COMMANDS (INCLUDING CPU)

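The xStack DES-6500 implements Access Control Lists that enable the Switch to deny network access to specific devices or device groups based on IP settings, MAC address, packet content and IPv6 settings. As the config access_profile syntax below shows, each rule added to a profile either permits or denies the packets it matches.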

Command

Parameters

create access_profile

profile_id <value 1-8> [ethernet {vlan source_mac <macmask> destination_mac

 

<macmask> 802.1p ethernet_type} ip {vlan source_ip_mask <netmask>

 

destination_ip_mask <netmask> dscp [icmp {type code} igmp {type} tcp

 

{src_port_mask <hex 0x0-0xffff> dst_port_mask <hex 0x0-0xffff> flag_mask [all

 

{urg ack psh rst syn fin}]} udp {src_port_mask <hex 0x0-0xffff>

 

dst_port_mask <hex 0x0-0xffff>} protocol_id {user_mask <hex 0x0-0xffffffff>}]}

 

packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

 

0xffffffff> <hex 0x0-0xffffffff> offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>

 

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-

 

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> offset_48-63 <hex 0x0-0xffffffff>

 

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> offset_64-79 <hex 0x0-

 

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} ipv6 {class

 

flowlabel [source_ipv6_mask <ipv6mask> destination_ipv6_mask <ipv6mask>]}]

delete access_profile

profile_id <value 1-8>

 

 

 

config access_profile

profile_id <value 1-8> [add access_id <value 1-65535> [ethernet {vlan <vlan_name 32>

source_mac <macaddr> destination_mac <macaddr> 802.1p <value 0-7>

 

ethernet_type <hex 0x0-0xffff>} ip {vlan <vlan_name 32> source_ip <ipaddr>

 

destination_ip <ipaddr> dscp <value 0-63> [icmp {type <value 0-255> code

 

<value 0-255>} igmp {type <value 0-255>} tcp {src_port <value 0-65535>

 

dst_port <value 0-65535> urg ack psh rst syn fin} udp {src_port <value 0-

 

65535> dst_port <value 0-65535>} protocol_id <value 0-255> {user_define

 

<hex 0x0-0xffffffff> }]} packet_content {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-

 

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> offset_16-31 <hex 0x0-0xffffffff>

 

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> offset_32-47 <hex 0x0-

 

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> offset_48-63

 

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>

 

offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

 

0xffffffff>} ipv6 {class <value 0-255> flowlabel <hex 0x0-0xfffff> [source_ipv6

 

<ipv6addr> destination_ipv6 <ipv6addr>]}] port <portlist> all] [permit {priority

 

<value 0-7> {replace_priority}} replace_dscp <value 0-63> } deny] delete <value

 

1-65535>]

 

 

show access_profile

profile_id <value 1-8>

 

 

create cpu access_profile

profile_id <value 1-5> [ethernet {vlan source_mac <macmask> destination_mac

<macmask> ethernet_type} ip {vlan source_ip_mask <netmask>

 

destination_ip_mask <netmask> dscp [icmp {type code} igmp {type} tcp

 

{src_port_mask <hex 0x0-0xffff> dst_port_mask <hex 0x0-0xffff>} flag_mask [all

 

{urg ack psh rst syn fin}]} udp {src_port_mask <hex 0x0-0xffff>

 

dst_port_mask <hex 0x0-0xffff>} protocol_id {user_mask <hex 0x0-0xffffffff>} ]}

 

packet_content_mask {offset 0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-

 

0xffffffff> <hex 0x0-0xffffffff> offset 16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>

 

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> {offset 32-47 <hex 0x0-0xffffffff> <hex 0x0-

 

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> {offset 48-63 <hex 0x0-0xffffffff>

 

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> {offset 64-79 <hex 0x0-

 

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}]

 

 

209
