
xStack
config cpu access_profile
in their header.
• protocol_id <value
• user_define_mask <hex 0x0-0xffffffff> − Specifies that the rule
applies to the IP protocol ID and the mask options behind the IP header.
• packet_content_mask – Specifies that the Switch will mask the packet
| header beginning with the offset value specified as follows: |
| • |
| byte 0 to byte 15. |
| • |
| byte 16 to byte 31. |
| • |
| byte 32 to byte 47. |
| • |
| byte 48 to byte 63. |
| • |
| byte 64 to byte 79. |
| port <portlist> - The access profile for the CPU may be defined for each |
| port on the Switch. The port list is specified by listing the lowest switch |
| number and the beginning port number on that switch, separated by a |
| colon. Then the highest switch number, and the highest port number of the |
| range (also separated by a colon) are specified. The beginning and end of |
| the port list range are separated by a dash. For example, 1:3 specifies |
| switch number 1, port 3. 2:4 specifies switch number 2, port 4. |
| specifies all of the ports between switch 1, port 3 and switch 2, port 4 − in |
| numerical order. |
| permit deny – Specify that the packet matching the criteria configured with |
| command will either be permitted entry to the cpu or denied entry to the |
| cpu. |
| delete access_id <value |
| created access rule in a profile ID. |
Restrictions | Only |
Example usage:
To configure cpu access list entry:
Command: config cpu access_profile profile_id 10 add access_id 1 ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp type 11 code 32 port 1 deny
Success.
232